[Opendnssec-user] Retired keys

Marco Davids (SIDN) marco.davids at sidn.nl
Wed Jul 7 06:08:46 UTC 2010


Hi,

For testing pruposes I configured a setup with very short rollover
periods. Everything seems to work fine; new zonefile every 15 minutes,
new ZSK every two hours or so.

However, in spite of short timing-settings, the number of retired ZSK's
is increasing, because their next transition time is always one week
ahead, no matter what I try to shorten this.

I fiddled around with a number of options, in particular the
RetireSafety setting, but so far without luck.

What am I missing here?

Thank you.

-- 
Marco



More information about the Opendnssec-user mailing list