Re: BIND - in loop rewrite zone serial no.

2020-01-30 Thread Tony Finch
Milan Jeskynka Kazatel wrote: > > could someone, please, help me with diagnostics, how can I check how many > records are signed per cycle? I looked at my zone transfer logs, which give the size of each IXFR following a zone update. If you don't have any ixfr logs, then you can use

Re: BIND - in loop rewrite zone serial no.

2020-01-30 Thread Milan Jeskynka Kazatel
?  At the moment the signing and zone serial increasing causes too many IXFR/ AXFR transactions with slaves. Best regards,  -- Smil Milan Jeskyňka Kazatel -- Původní e-mail -- Od: Tony Finch Komu: Milan Jeskynka Kazatel Datum: 28. 1. 2020 17:41:30 Předmět: Re: BIND - in loop rewrite

Re: BIND - in loop rewrite zone serial no.

2020-01-28 Thread Tony Finch
Milan Jeskynka Kazatel wrote: > > Then how to achieve to resign the whole zone in one step? Which config > option should be affected? I don't believe that is possible with automatic signing. You can do it yourself with `dnssec-signzone` but that's fiddly and error-prone. Tony. --

Re: BIND - in loop rewrite zone serial no.

2020-01-28 Thread FUSTE Emmanuel
Le 28/01/2020 à 16:49, Milan Jeskynka Kazatel a écrit : > Hello Tony, > > thank you for the response, > > If I correctly understand, Bind should have an option to specify how > many records could be signed at the same time. Then in the zone with > 250 records it should be 3 times in the row - as

Re: BIND - in loop rewrite zone serial no.

2020-01-28 Thread Milan Jeskynka Kazatel
tum: 28. 1. 2020 13:34:33 Předmět: Re: BIND - in loop rewrite zone serial no. "Milan Jeskynka Kazatel wrote: > > Why does Bind keep resign zone in a loop over and over in a few minutes? It only signs a few records at a time to avoid eating all your CPU (my server seems to average

Re: BIND - in loop rewrite zone serial no.

2020-01-28 Thread Tony Finch
Milan Jeskynka Kazatel wrote: > > Why does Bind keep resign zone in a loop over and over in a few minutes? It only signs a few records at a time to avoid eating all your CPU (my server seems to average 53 records at a time, coincidentally). It spreads out re-signing according to the

Re: BIND - in loop rewrite zone serial no.

2020-01-28 Thread Matus UHLAR - fantomas
list at bind-users-ow...@lists.isc.org When replying, please edit your Subject line so it is more specific than "Re: Contents of bind-users digest..." Today's Topics: 1. BIND - in loop rewrite zone serial no. (Milan Jeskynka Kazatel) 2. Re: BIND - in loop rewrite zone serial no.

Re: BIND - in loop rewrite zone serial no.

2020-01-28 Thread Milan Jeskynka Kazatel
n "Re: Contents of bind-users digest..." Today's Topics: 1. BIND - in loop rewrite zone serial no. (Milan Jeskynka Kazatel) 2. Re: BIND - in loop rewrite zone serial no. (FUSTE Emmanuel) -- Message: 1 Date: Tue, 28 Ja

Re: BIND - in loop rewrite zone serial no.

2020-01-28 Thread FUSTE Emmanuel
Le 28/01/2020 à 10:14, Milan Jeskynka Kazatel a écrit : > > Hello, > > my previous email with the same subject still waiting for moderator > approval, because email is too big. > Then I have to ask with a shorter part of the log. > > I´m facing with a suspicious behavior of my authoritative DNS