Re: Resign a zone
Le mardi 8 novembre 2011 10:34, rams a écrit : Hi , I have signed zone and already i have resigned two times. Now again i am resigning zone but after resign zone , RRSIG values are not changed. the same old values displaying. Any wrong in me. Could you please guide me how to change RRSIG values. webmin module provide correct support to resignzone thanks also to automatic resign -- http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0x092164A7 gpg --keyserver pgp.mit.edu --recv-key 092164A7 http://urlshort.eu fakessh @ pgpdF2sY8w6Ua.pgp Description: PGP signature ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Resign a zone
Hi , I have signed zone and already i have resigned two times. Now again i am resigning zone but after resign zone , RRSIG values are not changed. the same old values displaying. Any wrong in me. Could you please guide me how to change RRSIG values. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Resign a zone
On 2011-11-08 10:34, rams wrote: Hi , I have signed zone and already i have resigned two times. Now again i am resigning zone but after resign zone , RRSIG values are not changed. the same old values displaying. Any wrong in me. Could you please guide me how to change RRSIG values. There could be several issues with this, please give some more info. How are you signing your zone? dnssec-signzone? automatically using bind? Some other software? If you're using dnssec-signzone and pass it old signed zone data it regenerates signatures only if signature end time falls within a period defaulting to 1/4 signature valitity time (so with default signature period it's 7.5 days). If you re-sign your zone say 10 days in advance, it won't change old signatures. You can change it with -i. Other software probably behaves similarly. Also, if you're signing your zone off-line and upload it to bind, did you remember to change SOA and reload master? Regards, Torinthiel ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: how to resign a zone
On 6/6/2010 11:28 PM, rams wrote: Hi, How to resign a zone? Make it dynamic, allow BIND to have access to the keys and you don't have to do anything manually. If you don't have (or want to use) that option, you need to run dnssec-signzone on the signed data (to refresh existing signatures) or on the original input file (if you want to generate all new signatures). AlanC signature.asc Description: OpenPGP digital signature ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
how to resign a zone
Hi, How to resign a zone? Thanks Regards, Ramesh ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
