[Opendnssec-user] Zone updates with 1.4.14

Yuri Schaeffer yuri at nlnetlabs.nl
Fri Jul 7 09:33:19 UTC 2017

> On 2nd of July I stopped OpenDNSSEC and emptied
> /usr/local/var/opendnssec/tmp/. Once started, all zones were resigned,
> and I can see the SOA for all zones set to 2017070200 on the public
> DNS.  Since then there was nothing resigned, except for one zone with
> ZSK renewed.

Right. So on the 2nd of July everything was signed from scratch. You
configured a 14 day validity with a 12 hour jitter. If there are no
changes to the zone from now the first signature to expire should be
around the 15th or 16th of July. So this is perfectly expected behaviour.

After some time this jitter will accumulate and spread the expiring of
signatures to a more even distribution. External changes to the zone
will speed up this process.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: OpenPGP digital signature
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20170707/8b8f4535/attachment.bin>

More information about the Opendnssec-user mailing list