Hello,
I have my master nameserver on a cPanel server with PowerDNS. I then transfer the zones via AXFR to the slave servers of a third-party service and everything is working well, except today I noticed that the RRSIG signatures expired and the domain name is not resolving anymore.
From the documentation: DNSSEC with PowerDNS:
I have my master nameserver on a cPanel server with PowerDNS. I then transfer the zones via AXFR to the slave servers of a third-party service and everything is working well, except today I noticed that the RRSIG signatures expired and the domain name is not resolving anymore.
From the documentation: DNSSEC with PowerDNS:
"If your DNS setup uses non-PowerDNS slaves, the slaves need to know when the signatures have been updated. This can be accomplished by setting the SOA-EDIT metadata for DNSSEC signed zones. This value controls how the value of the SOA serial is modified by PowerDNS."
What would be the ideal way to achieve this with cPanel? Should I perhaps setup a CRON script to update the SOA serials every X days?