[Opendnssec-user] Zone updates with 1.4.14
Roman Serbski
mefystofel at gmail.com
Fri Jul 7 10:23:33 UTC 2017
On Fri, Jul 7, 2017 at 11:33 AM, Yuri Schaeffer <yuri at nlnetlabs.nl> wrote:
>
> Right. So on the 2nd of July everything was signed from scratch. You
> configured a 14 day validity with a 12 hour jitter. If there are no
> changes to the zone from now the first signature to expire should be
> around the 15th or 16th of July. So this is perfectly expected behaviour.
>
> After some time this jitter will accumulate and spread the expiring of
> signatures to a more even distribution. External changes to the zone
> will speed up this process.
Many thanks Yuri.
I was confused by 1.4.6 behavior then, because it does sign all zones
every day (same config). Perhaps it was actually fixed somewhere after
1.4.6, and this is now expected.
On another subject: since we're planning to update the production
environment in any case, would you recommend to switch to 2.1.1, or
it's still considered as a development branch?
Thank you and have a nice weekend.
More information about the Opendnssec-user
mailing list