SOA record not signed with new key at key-rollover
Tony Finch
dot at dotat.at
Mon Jul 18 10:48:18 UTC 2016
Nis Wechselberg <enbewe at enbewe.de> wrote:
> Am I getting it right that the rest of the zone is not (re)signed
> because the current signature is still valid for some time?
>
> So if I were to set sig-validity-interval to a shorter value, this would
> help with the issue?
If you are testing out a fast rollover schedule then it would make sense
to set a short sig-validity-interval, scaled to match.
If your rollover time is much shorter then you are testing something that
is more like an emergency unplanned rollover.
Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at/ - I xn--zr8h punycode
Irish Sea: Southerly, becoming variable, 3 or 4, occasionally 5 at first in
west. Smooth or slight. Fog banks. Moderate or good, occasionally very poor.
More information about the bind-users
mailing list