[Opendnssec-develop] separate validity for signatures over DNSKEY

Jakob Schlyter jakob at kirei.se
Mon Mar 15 10:25:32 UTC 2010

On 15 mar 2010, at 11.24, Matthijs Mekking wrote:

> Rickard Bellgrim wrote:
>> Refresh KSK RRSIG when it is 15 days until it expires.
>> Refresh ZSK RRSIG when it is 4 days until it expires.
> What is a KSK RRSIG? What is a ZSK RRSIG?
> I do know of a RRSIG record that covers the type DNSKEY...

I take it Rickard mean a RRSIG over DNSKEY (by KSK) or RRSIG over anything-else (by ZSK).


More information about the Opendnssec-develop mailing list