dns/master: Let serial number configured by dnssec-signzone

4 years ago · 0662df1ca5
parent d8f1b36ee1
commit 0662df1ca5
3 changed files with 2 additions and 3 deletions
--- a/roles/dns/master/defaults/main.yml
+++ b/roles/dns/master/defaults/main.yml
@ -18,7 +18,6 @@ dnssec_key_length: "4096"

 main_nameserver_domain: "ns1.{{ domain }}."
 responsible_mail_name: "admin.{{ domain }}."
-serial_number: "{{ lookup('pipe', 'date +\"%Y%m%d%H\"') }}"
 refresh: 86400
 retry: 7200
 expire: 3600000
--- a/roles/dns/master/templates/zone.db
+++ b/roles/dns/master/templates/zone.db
@ -1,6 +1,6 @@
 $TTL 86400
@ IN SOA {{ main_nameserver_domain }} {{ responsible_mail_name }} (
-  {{ serial_number }}
+  0
  {{ refresh }}
  {{ retry }}
  {{ expire }}
--- a/roles/dns/master/templates/zone.makefile
+++ b/roles/dns/master/templates/zone.makefile
@ -16,7 +16,7 @@ ${signed_file}: ${db_file}
 	dnssec-signzone \
 		-3 $$(head -c 1000 /dev/urandom | sha1sum | cut -b 1-16) \
 		-a \
-		-N KEEP \
+		-N unixtime \
 		-o {{ domain | quote }} \
 		-f "$@" \
 		"$<"