[Opendnssec-develop] RRSIG's and 2038
Marco Davids (SIDN)
marco.davids at sidn.nl
Mon Sep 20 08:48:02 UTC 2010
List,
Inspired by...
https://lists.isc.org/pipermail/bind-users/2010-September/081076.html
I tried some dates in the future with DNSSEC and I was able to sign a
zone (forfunsec.org) with an expiration time of 20771231000000. Dates
after that are not possible, which seems consistent with RFC1982.
For what is is worth; DNScheck seems unable to handle this date. It
generates an error: 'DNSSEC signature expired'.
I haven't tried to lower the date up to a value that DNScheck accepts,
but I suspect that it will be somewhere around the year 2038?
Reagards,
--
Marco Davids
Technical Advisor
SIDN | Utrechtseweg 310 | 6812 AR | Postbus 5022 | 6802 EA | ARNHEM
T +31 (0)26 352 55 83 | M +31 (0)6 52 37 34 35 | F +31 (0)26 352 55 05
marco.davids at sidn.nl | www.sidn.nl | enum:+31652373435 | sip:583 at sidn.nl
More information about the Opendnssec-develop
mailing list