[Opendnssec-user] kasp.xml Validity tag

Dupond Mailing dupond.mailinglist at gmail.com
Wed Apr 19 10:54:14 UTC 2017

Hello guys,

Recently, some zones were not secured anymore because of the Validity 
Period. The reason was that the signature expiration field of the RRSIG 
RR was too old.

For this time, I solved this problem by updating my zone. But I don't 
want to update all of my zones to avoid this.

Is there any rule to calculate the Default and Denial durations for non 
changing zones?



More information about the Opendnssec-user mailing list