[Opendnssec-user] [centr-tech] Question about OpenDNSSEC and migration to version 2

Erik P. Ostlyngen erik at norid.no
Mon Mar 9 10:17:49 UTC 2020

Dear Berry,

Thank you for your update. It is good to have this issue resolved.
Looking forward to checking out your version 2.1.7.

Erik Østlyngen

On 09/03/2020 10.33, Berry A.W. van Halderen wrote:
> Dear Erik et all,
> I don't think I'm able to post to the centr-tech mailing list and
> my accounts seems to have problems, so I'm cross-posting this to
> the opendnssec-user mailing list.
> In summary it has been observed that there are double signatures
> during a ZSK roll with pre-publication, in a manner which is
> unexpected as this wouldn't be necessary with this type of roll and
> is also not seen with OpenDNSSEC 1.4
> I've looked into this and I'm able to reproduce it.  I think this 
> behavior is indeed not on purpose and something that have creaped
> into the behaviour of OpenDNSSEC in the past few patches.
> I've localized the behaviour in the code and can fix this in a
> near future patch release.  The problem is that signatures of the
> ZSK that is going out, are kept for a bit longer time that is
> really necessary.
> The drawback is that the size of signed RRSET will be longer than 
> necessary.  Which isn't good, but also doesn't break anything.
> So thanks for the report, and next 2.1.7 will contain the fix.
> With kind regards, Berry van Halderen.

More information about the Opendnssec-user mailing list