dnssec-keygen & dnssec-signzone "smart signing" vs time zones
Mark Andrews
marka at isc.org
Thu Apr 29 03:22:06 UTC 2010
In message <Pine.GSO.4.55.1004281958000.11178 at loogie.intranet.csupomona.edu>, "Paul B. Henson" writes:
> On Wed, 28 Apr 2010, Mark Andrews wrote:
>
> > The .private timestamps are in UTC and that is what is used for key
> > management. The .key values are just comments. You should be able to
> > work out my current offset from UTC.
> >
> > % grep Created Klllll.+005+59421.*
> > Klllll.+005+59421.key:; Created: Thu Apr 29 11:10:24 2010
> > Klllll.+005+59421.private:Created: 20100429011024
>
> Ah, ok, that makes more sense, thanks.
>
> It might help prevent confusion if the documentation was more clear on time
> handling; I might have missed it but I didn't see anything explaining time
> was stored in UTC, or that times provided on the command line were
> considered to be in UTC. That last bit isn't very intuitive, typically when
> time is specified like that it's relative to your time zone. I guess I'll
> need to convert the time I want relative to my time zone to UTC and pass
> that on the command line instead.

Would something like this be better? Do you need a UTC after the timestamp?
Note: now + delta is timezone agnostic.

; This is a zone-signing key, keyid 26628, for kij.
; Created: 20100429025050 (Thu Apr 29 12:50:50 2010)
; Publish: 20100429025050 (Thu Apr 29 12:50:50 2010)
; Activate: 20100429025050 (Thu Apr 29 12:50:50 2010)
kij. IN DNSKEY 256 3 5 AwEAAb6VYqE8stYu19VmT2nmeJd+xKKKA7u+FqVpCWmop8UoEba/4zmM
BkjfueTtWTAo2qsyX9mW10B48M+slzk3HPGLvCDP5U6iKQWQvtEm4k6/ ml0Xzvnjfc36ynQK4IuffGz
FSsYenr01qF+SGizP2pb2LIWYIjyKamYG 34+0c1/5

From dnssec-signzone

-s start-time
    Specify the date and time when the generated RRSIG records become
    valid. This can be either an absolute or relative time. An absolute
    start time is indicated by a number in YYYYMMDDHHMMSS notation;
    20000530144500 denotes 14:45:00 UTC on May 30th, 2000. A relative
    start time is indicated by +N, which is N seconds from the current
    time. If no start-time is specified, the current time minus 1 hour
    (to allow for clock skew) is used.

Mark
> --
> Paul B. Henson | (909) 979-6361 | http://www.csupomona.edu/~henson/
> Operating Systems and Network Analyst | henson at csupomona.edu
> California State Polytechnic University | Pomona CA 91768
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
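
The conversion discussed in this message (a local wall-clock time to the UTC YYYYMMDDHHMMSS value the tools expect, and a stored timestamp back to a local-time comment), as an added example that is not part of the original thread or of BIND. The function names and the fixed offsets `AEST` and `PDT` are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone, tzinfo

BIND_FMT = "%Y%m%d%H%M%S"  # YYYYMMDDHHMMSS; the tools read this as UTC

# Constructed fixed offsets so the example runs without a tz database.
# With real zones, pass e.g. zoneinfo.ZoneInfo("Australia/Sydney") instead.
AEST = timezone(timedelta(hours=10))  # matches the offset in the example above
PDT = timezone(timedelta(hours=-7))   # assumed offset for Pomona, CA in April


def local_to_bind(wall: str, tz: tzinfo) -> str:
    """Turn local wall-clock 'YYYY-MM-DD HH:MM:SS' into a UTC timestamp."""
    naive = datetime.strptime(wall, "%Y-%m-%d %H:%M:%S")
    early = naive.replace(tzinfo=tz, fold=0)
    late = naive.replace(tzinfo=tz, fold=1)
    # Around a DST change a wall-clock time can occur twice or not at all;
    # both cases show up as the two folds having different UTC offsets.
    if early.utcoffset() != late.utcoffset():
        raise ValueError(f"{wall} is ambiguous or nonexistent in {tz}")
    return early.astimezone(timezone.utc).strftime(BIND_FMT)


def bind_to_local(stamp: str, tz: tzinfo) -> datetime:
    """Read a YYYYMMDDHHMMSS value as UTC and express it in tz."""
    utc = datetime.strptime(stamp, BIND_FMT).replace(tzinfo=timezone.utc)
    return utc.astimezone(tz)


def key_comment(label: str, stamp: str, tz: tzinfo) -> str:
    """Format a comment line in the style proposed in the message above."""
    return f"; {label}: {stamp} ({bind_to_local(stamp, tz).ctime()})"


if __name__ == "__main__":
    # 8 pm local time in Pomona becomes 03:00 UTC on the following day.
    print(local_to_bind("2010-04-28 20:00:00", PDT))
    print(key_comment("Created", "20100429025050", AEST))
```

Passing a local time straight through without this conversion shifts the key or signature timing by the zone's UTC offset, which for a signature start time can mean RRSIGs that are not yet valid when published.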