[Opendnssec-user] Max KSK lifetime
Thomas Dupas
thomas at dupas.be
Wed Nov 14 14:56:11 UTC 2012
Hi everyone,
Is there an (intended) hard limit on the max ksk lifetime, in opendnssec 1.4.0 b1?
I wanted to extend the default 1Y lifetime to 2Y .. but opendnssec didn't agree with me:
"WARNING: In policy default, Y used in duration field for Keys/KSK Lifetime (P2Y) in /etc/opendnssec/kasp.xml - this will be interpreted as 365 days"
If I want it to be indefinite / untill it is deemed necessary, should I put it to 10Y, or 0, or ..?
Br,
Thomas
More information about the Opendnssec-user
mailing list