On 05/03/12 17:46, David Kreindler wrote:
Are there guidelines or suggestions for setting the values of
sig-signing-nodes and sig-signing-signatures?
For what it's worth, we do "auto-dnssec maintain" with dynamic zones,
and have left them at their default. It's a big zone, and the constant
t
Thanks for the suggestion.
After 48 sets of IXFRs and more than 1200 SOA serial increments, the system
finished signing the zone.
Manually incrementing the (unsigned) SOA serial now results in just one more
set of IXFRs.
It would have been helpful if somewhere in the documentation we were warn
On 05.03.12 07:46, David Kreindler wrote:
We thought of two other differences between this zone and the others:
1. this zone has NS records with servers that are in the zone itself, and
2. our global "also-notify" option contain IP addresses that resolve to host
names in this zone.
Could the p
> We thought of two other differences between this zone and the others:
> 1. this zone has NS records with servers that are in the zone itself, and 2.
> our global "also-notify" option contain IP addresses that resolve to host
> names in this zone.
I don't have a handle on the underlying proble
We thought of two other differences between this zone and the others:
1. this zone has NS records with servers that are in the zone itself, and
2. our global "also-notify" option contain IP addresses that resolve to host
names in this zone.
Could the problem be the result of the servers notifyin
Just let it complete signing the zone. This is done incrementally.
sig-signing-nodes ;
sig-signing-signatures ;
These control the number nodes processed and signatures generated per
increment.
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2
6 matches
Mail list logo