From 43e15c8addef95d300fbf1a84b06def9fd099c4d Mon Sep 17 00:00:00 2001
From: Joey Hess
Date: Sun, 4 Jan 2015 14:17:33 -0400
Subject: fix serial incrementing
---
 src/Propellor/Property/DnsSec.hs | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
(limited to 'src/Propellor')
diff --git a/src/Propellor/Property/DnsSec.hs b/src/Propellor/Property/DnsSec.hs
index f39fcb25..37eea09c 100644
--- a/src/Propellor/Property/DnsSec.hs
+++ b/src/Propellor/Property/DnsSec.hs
@@ -78,7 +78,11 @@ forceZoneSigned domain zonefile = property ("zone signed for " ++ domain) $ lift
 let p = proc "dnssec-signzone"
 [ "-A"
 , "-3", salt
- , "-N", "keep"
+ -- The serial number needs to be increased each time the
+ -- zone is resigned, even if there are no other changes,
+ -- so that it will propigate to secondaries. So, use the
+ -- unixtime serial format.
+ , "-N", "unixtime"
 , "-o", domain
 , zonefile
 -- the ordering of these key files does not matter
-- cgit v1.2.3
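Review bot: The new `, "-N", "unixtime"` argument only advances the served serial when the serial already in `zonefile` is below the current epoch time, and the added comment does not state that precondition. A zone whose SOA uses a date-style serial such as YYYYMMDDNN is already larger than today's unix time, so, depending on the BIND version, dnssec-signzone presumably either warns that the serial was not advanced or falls back to a plain increment; in the first case secondaries would keep the old signed zone until its RRSIGs expire. I would extend the comment with `-- NB: assumes the unsigned zone's serial is not larger than the current unix time, and that the host clock does not step backwards.` and correct the spelling `propigate` to `propagate` in the same comment. forceZoneSigned's body starts and ends outside the hunk, so how the input serial is chosen is not visible here.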