[Pdns-users] DNSSEC live signing in complex setup
Klaus Darilion
klaus.mailinglists at pernau.at
Mon May 27 06:13:09 UTC 2013
Hi Jan-Piet!
On 24.05.2013 18:49, Jan-Piet Mens wrote:
> Klaus,
>
>> I did some basic testing and everything works fine, except that the
>> SOA's serial stays constant also during ZSK and KSK roll-overs. Is
>> this the expected behavior? E.g. Bind in inline-signing mode
>> increases the serial on roll-overs and re-signing.
>
> Have you looked at (and tweaked) the SOA-EDIT domainmetadata? You set it
> on a per/zone basis, and it bumps the SOA serial number in one of
> several formats for you.
I want:
- increase serial if incoming serial (AXFR) is increased
- increase serial when PDNS does zone changes (re-signing, rollover)
Reading the docs, it seems that INCEPTION-EPOCH should work when the
incoming serial also uses epoch as serial. I will try this one.
Thanks
Klaus
More information about the Pdns-users
mailing list