[Opendnssec-user] RRSIG for hobby.nl expires soon

Scott Armitage S.P.Armitage at lboro.ac.uk
Wed Jul 4 15:27:07 UTC 2012


On 4 Jul 2012, at 16:19, Miek Gieben wrote:

> [ Quoting <bas at dikkenberg.net> in "[Opendnssec-user] RRSIG for hobby.n..." ]
>> Hi i have problem with rrsig’s that are expiring.
>> 
>> In the kaspl it states that the rrsig’s must be refresh 3d before they expire.
>> 
>> But opendnssec doesn’t refresh them.
> 
> isn't the jitter also in play here? I.e. In the worst case they expire
> 3 +12 hours day


I thought of that.  But even including the jitter, I had signatures which were well outside of the time when they should have been refreshed.  As previously mentioned I've been too busy to look into it, and wasn't overly concerned as ODS never let any signatures expire.  


Scott
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 203 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20120704/f6a4060c/attachment.bin>


More information about the Opendnssec-user mailing list