DNSSEC:RRSIG validity period has not begun
Stephane Bortzmeyer
bortzmeyer at nic.fr
Tue Oct 14 14:17:56 UTC 2008
On Tue, Oct 14, 2008 at 06:50:17AM -0600,
Rajalakshmi R <RRajalakshmi at novell.com> wrote
a message of 33 lines which said:
> raji.com. 86400 IN RRSIG DNSKEY 5 2 86400
> 20081113142126 20081014142126
14th october 2008, 14:21, UTC
> 14-Oct-2008 17:16:34.386 validating @0x555555742220: raji.com DNSKEY: verify rdataset (keyidA667): RRSIG validity period has not begun
Clock off by a few minutes?
RFC 4034 :
The Signature Expiration Time and Inception Time field values MUST be
represented either as an unsigned decimal integer indicating seconds
since 1 January 1970 00:00:00 UTC, or in the form YYYYMMDDHHmmSS in
UTC, where:
YYYY is the year (0001-9999, but see Section 3.1.5);
MM is the month number (01-12);
DD is the day of the month (01-31);
HH is the hour, in 24 hour notation (00-23);
mm is the minute (00-59); and
SS is the second (00-59).
More information about the bind-users
mailing list