ly, so I guess this is somehow related to the size of the journal for
this zone, which rotates DNSSEC keys very often.
--
Cheers,
Ondřej Caletka
--
h" state, the key is not yet usable as there may be caches
caching old keysets. So publishing CDS/CDNSKEY in "ready" state is the
right thing to do.
I think it is a bug not to set "ready" key tag to the same value as
"publish" and "active" tags during manual key generation, though.
--
Ondřej Caletka
CESNET
--
https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-dns-users
ange (ie. there is still history in the journal)
- when zone file is edited and SOA is not set to be higher than current
serial of signed zone, only warning gets logged and nothing breaks.
So `journal-content: all` was the reason of all the strange behavior I
observed.
Cheers,
Ondřej Caletka
--
htt
ned master zonefile and pipe the
results to the nsupdate utility. That means live zone files can be
completely dynamic, stored somewhere in /var/ and each update changes
only the minimum number of RRs.
[1]: http://dotat.at/prog/nsdiff/
--
Ondřej Cale