tech-userlevel archive


Re: CVS commit: src/etc/rc.d



Tonnerre LOMBARD <tonnerre%netbsd.ch@localhost> writes:
> On Sun, Aug 09, 2009 at 09:41:00AM -0400, Perry E. Metzger wrote:
>> >> So don't do that.
>> >
>> > Don't do what?
>> 
>> Don't do the DNS signature generation at the same moment that you bring
>> up the name server to provide resolution services locally. There is no
>> reason that you have to do things that way (and in fact, there are a lot
>> of reasons not to.) BTW, I don't believe our current scripts are set up
>> to do that anyway, so this is moot.
>
> The zone provider has to generate a DNSSEC signature at the moment it
> signals people to reload the zone.

And why would it "have" to signal people to reload a zone that hadn't
changed?

You have to sign zone files when they change or when a signature
expires. You don't have to do it at boot time. You don't even have to do
it on the same machine that is serving the zones. I suggest reading the
manual.

Perry
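
Added example, not part of the original message or of NetBSD's rc.d scripts: a check that re-signs only for the two reasons named above, a changed zone or a signature close to expiry. The zone data, the three-day margin, and the assumption that the signer leaves the SOA serial unchanged are all constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample: fragment of a signed zone in presentation format.
# RRSIG RDATA order (RFC 4034): type-covered, algorithm, labels, original TTL,
# expiration, inception, key tag, signer name, signature.
SIGNED_ZONE = """\
example.org. 3600 IN SOA ns1.example.org. host.example.org. 2009080901 7200 3600 1209600 3600
example.org. 3600 IN RRSIG SOA 5 2 3600 20090908000000 20090809000000 12345 example.org. c2FtcGxl
www.example.org. 3600 IN A 192.0.2.10
www.example.org. 3600 IN RRSIG A 5 3 3600 20090815000000 20090716000000 12345 example.org. c2FtcGxl
"""

RRSIG_RE = re.compile(
    r"^(\S+)\s+\d+\s+IN\s+RRSIG\s+(\S+)\s+\d+\s+\d+\s+\d+"
    r"\s+(\d{14})\s+(\d{14})\s", re.M)
SOA_RE = re.compile(r"^\S+\s+\d+\s+IN\s+SOA\s+\S+\s+\S+\s+(\d+)", re.M)

def parse_ts(stamp):
    # RRSIG timestamps in presentation format are YYYYMMDDHHmmSS, in UTC.
    return datetime.strptime(stamp, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)

def earliest_expiration(zone_text):
    # The zone is only as fresh as its soonest-expiring signature.
    stamps = [parse_ts(m.group(3)) for m in RRSIG_RE.finditer(zone_text)]
    return min(stamps) if stamps else None

def soa_serial(zone_text):
    m = SOA_RE.search(zone_text)
    return int(m.group(1)) if m else None

def resign_reason(unsigned_serial, signed_zone, now, margin=timedelta(days=3)):
    """Return why the zone must be re-signed, or None if nothing is due.

    Assumes the signer keeps the SOA serial of the unsigned zone, so a
    differing serial means the zone data changed since the last signing.
    """
    expires = earliest_expiration(signed_zone)
    signed_serial = soa_serial(signed_zone)
    if expires is None or signed_serial is None:
        return "zone is not signed"
    if unsigned_serial != signed_serial:
        return "zone changed"
    if expires - now <= margin:
        return "signature expiring"
    return None
```

Run from a periodic job on whichever host holds the signing keys, a check like this has no dependency on when the name server itself starts.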

