summaryrefslogtreecommitdiff
path: root/src/Propellor
diff options
context:
space:
mode:
Diffstat (limited to 'src/Propellor')
-rw-r--r--src/Propellor/Property/DnsSec.hs6
1 files changed, 5 insertions, 1 deletions
diff --git a/src/Propellor/Property/DnsSec.hs b/src/Propellor/Property/DnsSec.hs
index f39fcb25..37eea09c 100644
--- a/src/Propellor/Property/DnsSec.hs
+++ b/src/Propellor/Property/DnsSec.hs
@@ -78,7 +78,11 @@ forceZoneSigned domain zonefile = property ("zone signed for " ++ domain) $ lift
let p = proc "dnssec-signzone"
[ "-A"
, "-3", salt
- , "-N", "keep"
+ -- The serial number needs to be increased each time the
+ -- zone is resigned, even if there are no other changes,
+ -- so that it will propigate to secondaries. So, use the
+ -- unixtime serial format.
+ , "-N", "unixtime"
, "-o", domain
, zonefile
-- the ordering of these key files does not matter