The timestamp of the DS RR or DLV RR

徐东 xudong83 at gmail.com
Mon Aug 10 08:18:28 UTC 2009


Hi,
  I made a test of the DS RR and DLV RR, and I found something strange: I
set the validity period of the DS RRs or DLV RRs to 10 minutes when
signing the parent's zones, as below:

    dnssec-signzone -r /dev/urandom -t -o dlv.com -s 20090810153200 -e 20090810154200 -k Kdlv.com.+005+27238.private dlv.com.zone Kdlv.com.+005+28152.private

More than 10 minutes after the start of the signature, when I
looked up an NS or A record with dig on the recursive server, it still
returned the information with the "ad" flag.
But the RRSIG of the DLV RR (or the RRSIG of the DS RR) has expired, so I think
BIND may not check the validity of the RRSIG of the DS RR or DLV RR.
So, I want to confirm this problem.

Thanks!

-- 
---------------------------------------------------------
Xudong
Email:xudong83 at gmail.com
Beijing,China
---------------------------------------------------------
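
An added example, not part of the original post and not BIND code: a Python check that reads RRSIG records in the presentation format printed by dig +dnssec and reports whether the signature over a DS or DLV RRset is inside its validity window at a given instant. The owner names, TTLs and signature blobs in the sample are constructed; the timestamps and key tag are taken from the command in the post, and both the -s/-e arguments and RRSIG timestamps in YYYYMMDDHHMMSS form are read as UTC.

```python
from datetime import datetime, timezone

# Constructed sample in dig +dnssec presentation format. Owner names, TTLs and
# the base64 signature are placeholders; the inception/expiration values and
# key tag 28152 come from the dnssec-signzone command in the post.
SAMPLE = """\
child.dlv.com. 3600 IN RRSIG DLV 5 3 3600 20090810154200 20090810153200 28152 dlv.com. c2lnbmF0dXJl
www.dlv.com.   3600 IN RRSIG A   5 3 3600 20090810154200 20090810153200 28152 dlv.com. c2lnbmF0dXJl
"""

def parse_ts(value):
    """RRSIG timestamps in YYYYMMDDHHMMSS presentation form are UTC (RFC 4034)."""
    return datetime.strptime(value, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)

def rrsig_windows(text, covered=("DS", "DLV")):
    """Return the validity window of every RRSIG covering one of `covered`."""
    found = []
    for line in text.splitlines():
        f = line.split()
        # owner ttl class RRSIG covered alg labels origttl expire incept tag signer sig
        if len(f) < 13 or f[3].upper() != "RRSIG" or f[4].upper() not in covered:
            continue
        found.append({
            "owner": f[0],
            "covered": f[4].upper(),
            "expiration": parse_ts(f[8]),
            "inception": parse_ts(f[9]),
            "key_tag": int(f[10]),
            "signer": f[11],
        })
    return found

def status_at(sig, when):
    """Classify a signature at a timezone-aware instant; both bounds are inclusive."""
    if when < sig["inception"]:
        return "not-yet-valid"
    if when > sig["expiration"]:
        return "expired"
    return "valid"

if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    for sig in rrsig_windows(SAMPLE):
        print(sig["owner"], sig["covered"], "key tag", sig["key_tag"],
              sig["inception"].isoformat(), "->", sig["expiration"].isoformat(),
              status_at(sig, now))
```

Run it against the RRSIG lines returned for the DS or DLV RRset itself (for example, saved dig +dnssec output) and compare the result with the resolver's clock in UTC rather than local time.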