[Pdns-users] DNSSEC live signing in complex setup
klaus.mailinglists at pernau.at
Mon May 27 06:13:09 UTC 2013
On 24.05.2013 18:49, Jan-Piet Mens wrote:
>> I did some basic testing and everything works fine, except that the
>> SOA's serial stays constant also during ZSK and KSK roll-overs. Is
>> this the expected behavior? E.g. BIND in inline-signing mode
>> increases the serial on roll-overs and re-signing.
> Have you looked at (and tweaked) the SOA-EDIT domainmetadata? You set it
> on a per-zone basis, and it bumps the SOA serial number in one of
> several formats for you.
- increase serial if incoming serial (AXFR) is increased
- increase serial when PDNS does zone changes (re-signing, rollover)
Reading the docs, it seems that INCEPTION-EPOCH should work when the
incoming serial also uses epoch as serial. I will try this one.