[Opendnssec-develop] Signer Enforcer Communication

Yuri Schaeffer yuri at nlnetlabs.nl
Fri Dec 23 12:29:46 UTC 2011

> The moment that a signature is replaced is the at the resign interval
> where the signature is not fresh anymore for the first time:
> 	(validity + jitter) + resign - refresh

I think I get it; The signer does check for work it regular intervals,
so I need resign en refresh times.

so the period to wait for the signer to make the transition is:

MaxZoneTTL + 
MAX(Signatures->Validity->Default, Signatures->Validity->Denial) +
Signatures->Jitter + resign - refresh

> Note that jitter in the worst case is 1*jitter, because the jitter range
> is from [-j ... j].

Yes. Worst case 1*jitter. Which means I'm worst case 2*jitter off.


More information about the Opendnssec-develop mailing list