dnssec-keygen with different activation date
Chris Thompson
cet1 at cam.ac.uk
Sat May 21 22:30:10 UTC 2011
On May 21 2011, Chuck Swiger wrote:
>On May 20, 2011, at 4:41 PM, Noel Rocha wrote:
>> # Showing activate date
>> $ cat Kmydomain.com.+005+48738.key | grep Activate
>> ; Activate: 20110520203500 (Fri May 20 17:35:00 2011)
>>
>> This (20110520203500)2011/05/20 20:35:00 isn't "Fri May 20 17:35:00 2011." :(
>>
>> Anyone have idea how to solve this problem?
>
>There isn't a problem: 20:35 GMT is 17:35 BRT.
>
>As a general rule, ISC software stores timestamps in GMT rather than
>in the local timezone to avoid all sorts of nonportable painful issues
>with local timezone conversions.
The human-readable versions in the .key files are in the timezone in
which dnssec-keygen or dnssec-settime was run ... which might not be
the same as that on the nameserver on which they are subsequently
deployed.
But only the numeric UTC versions have any effect on the actual behavior
of BIND.
--
Chris Thompson
Email: cet1 at cam.ac.uk
More information about the bind-users
mailing list