Hi John

On 3/10/16, 7:15 AM, "John Curran" <[email protected]> wrote:

>On Mar 9, 2016, at 8:50 PM, Mark Kosters <[email protected]> wrote:
>> ...
>>>> For dnssec I suppose you'd be doing the above but pulling rrsig for
>>>> the SOA and making sure they are all the same.
>>
>> What we want to do is to catch it before the sig expires. Do you have any
>> ideas?
>
>Mark -
>
> How often is that refreshed and what is the signature lifetime?

In the normal course of operations, zones are generated six times a day to accommodate zone snippets from other RIRs. These snippets are included in the zone, signed, and pushed out to the authoritative servers from the distribution master. Any changes made to the zone between the zone generation intervals are pushed out by ixfr.

Regardless of what time it is, if you make any delegation changes within ARIN Online, these changes are normally reflected on our authoritative servers within five minutes.

The DNSSEC signatures are currently set to expire 14 days and 1 hour from the time signed by the Secure64 box.

Thanks,
Mark
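The check discussed in this thread (pull the RRSIG covering the SOA from each authoritative server, confirm they all match, and alert well before expiry) can be sketched as below. This is an added example, not part of the original message and not ARIN's tooling; the server names, zone, signature blobs and the 7-day warning threshold are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample: RRSIG(SOA) RDATA as `dig +short` prints it, one answer per
# hypothetical authoritative server. ns3 still serves an older signature.
SAMPLE = {
    "ns1.example.net": "SOA 8 5 86400 20160324160000 20160310150000 12345 2.0.192.in-addr.arpa. c2lnLW5ldw==",
    "ns2.example.net": "SOA 8 5 86400 20160324160000 20160310150000 12345 2.0.192.in-addr.arpa. c2lnLW5ldw==",
    "ns3.example.net": "SOA 8 5 86400 20160316160000 20160302150000 12345 2.0.192.in-addr.arpa. c2lnLW9sZA==",
}

def parse_rrsig(rdata):
    """Pull the fields the check needs out of RRSIG presentation-format RDATA."""
    f = rdata.split()
    if len(f) < 9 or f[0].upper() != "SOA":
        raise ValueError("not an RRSIG covering SOA")
    def ts(s):  # RRSIG times are YYYYMMDDHHmmSS in UTC
        return datetime.strptime(s, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)
    return {"expires": ts(f[4]), "inception": ts(f[5]), "key_tag": int(f[6]),
            "sig": "".join(f[8:])}  # dig may split the base64 across fields

def check_zone(answers, now, warn_remaining=timedelta(days=7)):
    """Return alert strings; an empty list means every server looks healthy.
    warn_remaining is an assumed threshold, half the 14-day lifetime."""
    alerts, parsed = [], {}
    for server, rdata in sorted(answers.items()):
        try:
            parsed[server] = parse_rrsig(rdata)
        except ValueError as exc:
            alerts.append(f"{server}: unusable answer ({exc})")
    for server, sig in parsed.items():
        remaining = sig["expires"] - now
        if remaining <= timedelta(0):
            alerts.append(f"{server}: SOA RRSIG expired {sig['expires']:%Y-%m-%d %H:%M}Z")
        elif remaining < warn_remaining:
            alerts.append(f"{server}: SOA RRSIG expires in {remaining.days}d")
    # "Making sure they are all the same": every server should serve one signature.
    if len({(s["expires"], s["inception"], s["key_tag"], s["sig"]) for s in parsed.values()}) > 1:
        newest = max(s["expires"] for s in parsed.values())
        lagging = [srv for srv, s in parsed.items() if s["expires"] < newest]
        alerts.append("servers disagree on SOA RRSIG; lagging: " + (", ".join(lagging) or "none by expiry"))
    return alerts

if __name__ == "__main__":
    for line in check_zone(SAMPLE, datetime(2016, 3, 11, tzinfo=timezone.utc)):
        print(line)
```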
