diff options
| author | Joey Hess <joeyh@joeyh.name> | 2015-01-04 14:17:33 -0400 |
|---|---|---|
| committer | Joey Hess <joeyh@joeyh.name> | 2015-01-04 14:17:33 -0400 |
| commit | 43e15c8addef95d300fbf1a84b06def9fd099c4d (patch) | |
| tree | 33a7b97cff976a54924dc7b20a4d2f54759e0e69 /src/Propellor/Property/DnsSec.hs | |
| parent | 0ec9b5b4540b8bbe98eadb6f48d5bc809903ca7d (diff) | |
fix serial incrementing
Diffstat (limited to 'src/Propellor/Property/DnsSec.hs')
| -rw-r--r-- | src/Propellor/Property/DnsSec.hs | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/src/Propellor/Property/DnsSec.hs b/src/Propellor/Property/DnsSec.hs index f39fcb25..37eea09c 100644 --- a/src/Propellor/Property/DnsSec.hs +++ b/src/Propellor/Property/DnsSec.hs @@ -78,7 +78,11 @@ forceZoneSigned domain zonefile = property ("zone signed for " ++ domain) $ lift let p = proc "dnssec-signzone" [ "-A" , "-3", salt - , "-N", "keep" + -- The serial number needs to be increased each time the + -- zone is resigned, even if there are no other changes, + -- so that it will propigate to secondaries. So, use the + -- unixtime serial format. + , "-N", "unixtime" , "-o", domain , zonefile -- the ordering of these key files does not matter |