[Opendnssec-develop] RE: Signing back-offs

Sara (Sinodun) sara at sinodun.com
Thu Jul 12 10:58:30 UTC 2012


Hi All, 

There seems to be a lot of traffic on the users list about problems with signature expiry dates and signing back-offs for various reasons.  Some issues have been traced to:

- use of the auditor. (This can be addresses by disabling the auditor.)
- configuration issues

however there are a couple we haven't been able to get the bottom of, or are still waiting for logs to investigate. I know that Paul, in particular, has a sense that 1.3 is unreliable in this regard. I have opened this thread to tackle the following:

1) Do we think there is an underlying issue and if so can we form a plan to investigate.

2) Paul - please make us aware of any specific issues on this that have been reported but you think merit further investigation. (I believe https://issues.opendnssec.org/browse/SUPPORT-22 is in this category?) We absolutely want to know about and fix issues in 1.3.

3) Can we think of any improvements to tools or monitoring, documentation, etc that would help users detect signing back-off issues earlier?

Sara.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-develop/attachments/20120712/24779a71/attachment.htm>


More information about the Opendnssec-develop mailing list