0

I'm testing key rollover with Dynamic Update. I'm using BIND 9.7.1-P2. When I change the key dates with the script dnssec-settime, named doesn't automatically update the zone file unless I reload the service. Is this the normal behaviour?

Regards Arancha

2 Answers

2

Do a "rndc sign zonename" to get named to notice your change.

Knobee
  • The problem is if, for example, I change the Inactivation date of the current ZSK to now, and I also create a new ZSK with Activation date to now, the zone file gets signed by both ZSKs. And this is not the Pre-publication method that I would like to implement for a rollover. –  Nov 04 '10 at 10:34
  • Sorry, this problem occurred because I created the new ZSK with Publication and Activation date to now –  Nov 04 '10 at 10:56
  • Is your zone set as "auto-dnssec maintain;" and are the keys for the zone available in the "key-directory" associated with the zone? I can't tell from your note above if you were able to solve the problem. I've also been asked in another thread to admit that I work for ISC, the maintainers of BIND and ISC DHCP... :) – Knobee Nov 06 '10 at 01:11
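
A check for the pre-publication timing discussed in the comments above, as an added example that is not part of the original thread: it reads the timing comments from key file headers and reports a successor ZSK that is activated with no pre-publication interval or while the old key is still active. The key headers, key ids, example.com and the one-day interval are constructed assumptions, as is the exact layout of the timing comments.

```python
import re
from datetime import datetime, timedelta

# Constructed .key file headers for three hypothetical example.com ZSKs.
# Assumption: timing metadata appears as "; Field: YYYYMMDDHHMMSS (...)" comments.
OLD_ZSK = """; This is a zone-signing key, keyid 11111, for example.com.
; Publish: 20101001000000 (Fri Oct  1 00:00:00 2010)
; Activate: 20101001000000 (Fri Oct  1 00:00:00 2010)
; Inactive: 20101111000000 (Thu Nov 11 00:00:00 2010)
"""
NEW_ZSK_PREPUBLISHED = """; This is a zone-signing key, keyid 22222, for example.com.
; Publish: 20101104000000 (Thu Nov  4 00:00:00 2010)
; Activate: 20101111000000 (Thu Nov 11 00:00:00 2010)
"""
NEW_ZSK_ACTIVE_AT_ONCE = """; This is a zone-signing key, keyid 33333, for example.com.
; Publish: 20101104000000 (Thu Nov  4 00:00:00 2010)
; Activate: 20101104000000 (Thu Nov  4 00:00:00 2010)
"""

FIELD = re.compile(r"^; (Publish|Activate|Inactive|Delete): (\d{14})", re.M)

def parse_times(text):
    """Map each timing field found in a key header to a datetime."""
    return {name: datetime.strptime(stamp, "%Y%m%d%H%M%S")
            for name, stamp in FIELD.findall(text)}

def is_signing(times, when):
    """True if the key is inside its Activate..Inactive window at `when`."""
    start, end = times.get("Activate"), times.get("Inactive")
    return start is not None and start <= when and (end is None or when < end)

def check_prepublish(old_text, new_text, min_prepublish):
    """List the ways `new` fails to be a pre-published successor of `old`."""
    old, new = parse_times(old_text), parse_times(new_text)
    if "Publish" not in new or "Activate" not in new:
        return ["successor has no Publish/Activate date"]
    problems = []
    if new["Activate"] - new["Publish"] < min_prepublish:
        problems.append("successor is activated without a pre-publication interval")
    if "Inactive" not in old:
        problems.append("predecessor has no Inactive date")
    elif new["Activate"] < old["Inactive"]:
        problems.append("both ZSKs are active at the same time")
    elif new["Activate"] > old["Inactive"]:
        problems.append("no ZSK is active between the two keys")
    return problems

if __name__ == "__main__":
    for label, key in (("pre-published", NEW_ZSK_PREPUBLISHED),
                       ("active at once", NEW_ZSK_ACTIVE_AT_ONCE)):
        print(label, check_prepublish(OLD_ZSK, key, timedelta(days=1)))
```
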
0

I don't know anything about key rollovers but it is normal for named (and almost all other Linux-based daemons) not to do anything automatically involving their config files unless you reload the service. You don't have to restart it, just tell it to reload the configs.

Caleb