KSK stays published 3 days after delete time

Evan Hunt each at isc.org
Fri May 11 14:10:06 UTC 2012


> That's what I mean with "key 22924 of framail.de has a delete date of
> 2012-05-07T14:55:02 set".

Okay.  But you also said it was deleted from the repository at or before
that time, and clarified that this meant your script had deleted it.  It
needs to remain in the repository until *after* all scheduled events have
taken place.

> I have "auto-dnssec maintain;" set and my understanding is that named
> does not require a rndc loadkeys to remove the key from the DNSKEY RRSET
> if the delete time, set with dnssec-settime, has passed.
> Is this wrong?

No, that's correct.  "rndc loadkeys" is only necessary when you want
to change timing on a key and have named notice the change immediately.

-- 
Evan Hunt -- each at isc.org
Internet Systems Consortium, Inc.
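
An added example, not part of the original message and not BIND code: a guard that a key-pruning script could run before removing a key file from the repository, so the file stays until after its scheduled events. It reads the timing comments from a K*.key file; `safe_to_remove`, the one-day `margin` and the caller-supplied `published_ids` are hypothetical, and the sample key file is constructed (only the key id, zone and delete time come from the thread).

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample of the comment header in a K*.key file.
SAMPLE_KEY_FILE = """\
; This is a key-signing key, keyid 22924, for framail.de.
; Created: 20120401145502 (Sun Apr  1 14:55:02 2012)
; Publish: 20120401145502 (Sun Apr  1 14:55:02 2012)
; Activate: 20120401145502 (Sun Apr  1 14:55:02 2012)
; Inactive: 20120430145502 (Mon Apr 30 14:55:02 2012)
; Delete: 20120507145502 (Mon May  7 14:55:02 2012)
framail.de. IN DNSKEY 257 3 8 PLACEHOLDERKEYDATA
"""

TIMING_RE = re.compile(
    r"^;\s*(Created|Publish|Activate|Revoke|Inactive|Delete):\s*(\d{14})\b", re.M)
KEYID_RE = re.compile(r"^;.*\bkeyid (\d+),", re.M)


def parse_key_file(text):
    """Return (key id, {event name: UTC datetime}) from the comment lines."""
    m = KEYID_RE.search(text)
    if m is None:
        raise ValueError("no keyid comment found")
    timing = {
        name: datetime.strptime(stamp, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)
        for name, stamp in TIMING_RE.findall(text)
    }
    return int(m.group(1)), timing


def safe_to_remove(text, now, published_ids, margin=timedelta(days=1)):
    """Decide whether a pruning script may remove this key file.

    published_ids: key ids currently seen in the zone's DNSKEY RRset,
    collected by the caller. margin: hypothetical safety buffer.
    """
    key_id, timing = parse_key_file(text)
    if "Delete" not in timing:
        return False, "no Delete time scheduled"
    if now < max(timing.values()) + margin:
        return False, "scheduled events still pending"
    if key_id in published_ids:
        return False, "key still in DNSKEY RRset"
    return True, "all scheduled events have taken place"
```

The check against `published_ids` matters because a passed delete time alone does not show that the key has actually left the DNSKEY RRset.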


