DNSSEC and automatic renewal of RRSIG-expiration-time
Tom
tomtux007 at gmail.com
Thu May 3 07:33:18 UTC 2018
Hi list
Using the latest BIND (9.12.1) with DNSSEC and inline-signing enabled.
SIG-VALIDITY-INTERVAL is set to 1 day (for testing).
Look at the following RRSIG:
test01.example.com. 300 IN RRSIG A 8 3 300 (
20180504060124 20180503052321 11111 test01.example.com.
rUch7bFR18Nmaeu+gqS29fG8oTPQm1SIBe9x+0iVPpXw
GnXBy6bZacXiBwYPjgJd7GK+3giGq/Mw2URXexW8PuuV
IGBz8bRUczNbQPHsaZUWXlv32RelJArykWB8S/N5pvOn
r8Q9w4asKR6JNiDnzoF/09EVlSyXvaluVrZT7kMGKdgC
OB7H20kwcBkGdwUYMclna2XmddQMeicc5yjxglQgpg89
48Om5L8A0hjGDQEyTTTaOA91D+7/F2yI99TPvSYizC+6
vYUoleAIWQi3GRG/KJRd9N8OouZIYgOtf2jKPwsEQwhQ
sS7G3w4BxrkEB8Q8btx5CWaKX2CVD8Jv2A== )
The record expires in a few hours.
Does the "inline-signing" mechanism also automatically renew the
expiration time of the RRSIGs? If so: when, or at which interval, does
BIND verify the expiration times of the RRSIGs and renew them? If not,
what do I have to do to force BIND to renew the RRSIGs automatically?
Thank you.
Kind regards,
Tom
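
An added example (not part of the original post and not BIND code): a monitoring check that parses an RRSIG in presentation format like the one quoted above and reports how long the signature remains valid at a given time. The signature field is a constructed placeholder, and the function names and the warning threshold are assumptions chosen for illustration.

```python
import re
from datetime import datetime, timezone

# Constructed sample: the RRSIG fields from the post, with the signature
# replaced by a short placeholder (the check never reads the signature).
SAMPLE = """test01.example.com. 300 IN RRSIG A 8 3 300 (
        20180504060124 20180503052321 11111 test01.example.com.
        PLACEHOLDERSIGNATURE== )"""

def _ts(field):
    """RFC 4034 3.2: 14-digit YYYYMMDDHHmmSS, or seconds since the epoch."""
    if re.fullmatch(r"\d{14}", field):
        return datetime.strptime(field, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)
    if re.fullmatch(r"\d{1,10}", field):
        return datetime.fromtimestamp(int(field), tz=timezone.utc)
    raise ValueError(f"bad RRSIG timestamp: {field!r}")

def parse_rrsig(text):
    """Parse one RRSIG record in presentation format (parentheses allowed)."""
    tokens = text.replace("(", " ").replace(")", " ").split()
    try:
        i = tokens.index("RRSIG")
    except ValueError:
        raise ValueError("not an RRSIG record") from None
    rdata = tokens[i + 1:]
    if len(rdata) < 9:
        raise ValueError("truncated RRSIG rdata")
    # RDATA order: covered type, algorithm, labels, original TTL,
    # expiration, inception, key tag, signer, signature.
    covered, alg, _labels, _ttl, exp, inc, tag, signer = rdata[:8]
    return {"owner": tokens[0], "covered": covered, "algorithm": int(alg),
            "key_tag": int(tag), "signer": signer,
            "inception": _ts(inc), "expiration": _ts(exp)}

def check_expiry(text, now, warn_seconds):
    """Return (status, seconds_remaining) for the signature at time `now`."""
    sig = parse_rrsig(text)
    remaining = int((sig["expiration"] - now).total_seconds())
    if now < sig["inception"]:
        return "NOT_YET_VALID", remaining
    if remaining <= 0:
        return "EXPIRED", remaining
    return ("WARN" if remaining < warn_seconds else "OK"), remaining

if __name__ == "__main__":
    # Assumed threshold: warn when fewer than 8 hours of validity remain.
    print(check_expiry(SAMPLE, datetime.now(timezone.utc), warn_seconds=8 * 3600))
```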