summaryrefslogtreecommitdiff
path: root/src/Propellor
diff options
context:
space:
mode:
authorJoey Hess2015-01-04 14:17:33 -0400
committerJoey Hess2015-01-04 14:17:33 -0400
commit43e15c8addef95d300fbf1a84b06def9fd099c4d (patch)
tree33a7b97cff976a54924dc7b20a4d2f54759e0e69 /src/Propellor
parent0ec9b5b4540b8bbe98eadb6f48d5bc809903ca7d (diff)
fix serial incrementing
Diffstat (limited to 'src/Propellor')
-rw-r--r--src/Propellor/Property/DnsSec.hs6
1 files changed, 5 insertions, 1 deletions
diff --git a/src/Propellor/Property/DnsSec.hs b/src/Propellor/Property/DnsSec.hs
index f39fcb25..37eea09c 100644
--- a/src/Propellor/Property/DnsSec.hs
+++ b/src/Propellor/Property/DnsSec.hs
@@ -78,7 +78,11 @@ forceZoneSigned domain zonefile = property ("zone signed for " ++ domain) $ lift
let p = proc "dnssec-signzone"
[ "-A"
, "-3", salt
- , "-N", "keep"
+ -- The serial number needs to be increased each time the
+ -- zone is resigned, even if there are no other changes,
+ -- so that it will propigate to secondaries. So, use the
+ -- unixtime serial format.
+ , "-N", "unixtime"
, "-o", domain
, zonefile
-- the ordering of these key files does not matter