[Opendnssec-user] [centr-tech] Question about OpenDNSSEC and migration to version 2
Erik P. Ostlyngen
erik at norid.no
Mon Mar 9 10:17:49 UTC 2020
Dear Berry,
Thank you for your update. It is good to have this issue resolved.
Looking forward to checking out your version 2.1.7.
Regards,
Erik Østlyngen
On 09/03/2020 10.33, Berry A.W. van Halderen wrote:
> Dear Erik et al.,
>
> I don't think I'm able to post to the centr-tech mailing list and
> my accounts seem to have problems, so I'm cross-posting this to
> the opendnssec-user mailing list.
>
> In summary it has been observed that there are double signatures
> during a ZSK roll with pre-publication, in a manner which is
> unexpected as this wouldn't be necessary with this type of roll and
> is also not seen with OpenDNSSEC 1.4.
>
> I've looked into this and I'm able to reproduce it. I think this
> behavior is indeed not on purpose and something that has crept
> into the behaviour of OpenDNSSEC in the past few patches.
>
> I've localized the behaviour in the code and can fix this in a
> near future patch release. The problem is that signatures of the
> ZSK that is going out, are kept for a bit longer time than is
> really necessary.
>
> The drawback is that the size of signed RRSET will be longer than
> necessary. Which isn't good, but also doesn't break anything.
>
> So thanks for the report, and next 2.1.7 will contain the fix.
>
> With kind regards, Berry van Halderen.
>
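A check for the symptom described in the quoted message, as an added example that is not part of the original thread or of OpenDNSSEC: it scans a signed zone in presentation format and reports RRsets that carry RRSIGs from more than one key tag. It assumes one record per line with explicit owner, TTL and class; the sample zone, key tags and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample (not from the thread): 22222 = outgoing ZSK,
# 33333 = incoming ZSK, 11111 = KSK. Signatures are dummy base64.
SAMPLE_ZONE = """\
www.example.com. 3600 IN A 192.0.2.1
www.example.com. 3600 IN RRSIG A 8 3 3600 20200401000000 20200301000000 22222 example.com. c2lnMQ==
www.example.com. 3600 IN RRSIG A 8 3 3600 20200401000000 20200301000000 33333 example.com. c2lnMg==
mail.example.com. 3600 IN A 192.0.2.2
mail.example.com. 3600 IN RRSIG A 8 3 3600 20200401000000 20200301000000 33333 example.com. c2lnMw==
example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20200401000000 20200301000000 11111 example.com. c2lnNA==
example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20200401000000 20200301000000 33333 example.com. c2lnNQ==
"""


def rrsig_key_tags(zone_text):
    """Map (owner, covered type) -> set of key tags that signed that RRset."""
    signers = defaultdict(set)
    for line in zone_text.splitlines():
        fields = line.split()
        # owner ttl class RRSIG covered alg labels origttl expire inception keytag signer sig
        if len(fields) < 13 or fields[3].upper() != "RRSIG":
            continue
        owner, covered = fields[0].lower(), fields[4].upper()
        signers[(owner, covered)].add(int(fields[10]))
    return signers


def double_signed(zone_text, ignore_types=("DNSKEY",)):
    """Return RRsets signed by more than one key.

    DNSKEY is skipped by default because it is legitimately signed by the
    KSK and may also be signed by a ZSK.
    """
    return {
        rrset: sorted(tags)
        for rrset, tags in rrsig_key_tags(zone_text).items()
        if len(tags) > 1 and rrset[1] not in ignore_types
    }


if __name__ == "__main__":
    for (owner, rtype), tags in sorted(double_signed(SAMPLE_ZONE).items()):
        print(f"{owner} {rtype}: signed by key tags {tags}")
```

Multiple signatures per RRset are expected during a double-signature or algorithm rollover, so a non-empty result only indicates the behaviour discussed here when the policy uses pre-publication for the ZSK.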