Hi,

I made a test about the DS RR and DLV RR, and I found something strange: I set the period of validity of the DS RRs or DLV RRs to 10 minutes when signing the parent's zones, just as below:

*dnssec-signzone -r /dev/urandom -t -o dlv.com -s 20090810153200 -e 20090810154200 -k Kdlv.com.+005+27238.private dlv.com.zone Kdlv.com.+005+28152.private*

And more than 10 minutes after the start of the signature, when I looked up an NS or A record with dig on the recursive server, it still returned the information with the "ad" flag. But the RRSIG of the DLV RR (or the RRSIG of the DS RR) has expired, so I think BIND may not check the validity of the RRSIG of the DS RR or DLV RR. So, I want to confirm this problem.

Thanks!

--
---------------------------------------------------------
Xudong
email:xudon...@gmail.com
Beijing,China
---------------------------------------------------------
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
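
An added example, not part of the original message and not BIND code: one way to read the RRSIG lines from `dig +dnssec` output and classify each signature against its validity window at a chosen time. The owner name `example.org.dlv.com.`, the DLV digest and the signature text are constructed; the window and key tag reuse the `-s`/`-e` values and the second key file name from the command in the post.

```python
from datetime import datetime, timezone

# Constructed sample in dig presentation format (not output from the poster's
# server). Owner name, digest and signature are made up; the validity window
# and key tag are taken from the dnssec-signzone command in the post.
SAMPLE_DIG_ANSWER = """\
;; ANSWER SECTION:
example.org.dlv.com. 3600 IN DLV 12345 5 1 0123456789ABCDEF0123456789ABCDEF01234567
example.org.dlv.com. 3600 IN RRSIG DLV 5 4 3600 20090810154200 20090810153200 28152 dlv.com. c2FtcGxlLXNpZ25hdHVyZQ==
"""


def _ts(text):
    """RRSIG times in presentation format are YYYYMMDDHHmmSS, always UTC."""
    return datetime.strptime(text, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)


def rrsig_windows(dig_text):
    """Yield (owner, covered_type, key_tag, inception, expiration) per RRSIG line."""
    for line in dig_text.splitlines():
        f = line.split()
        if len(f) < 13 or f[0].startswith(";") or f[3].upper() != "RRSIG":
            continue
        # RDATA order: covered alg labels orig-ttl EXPIRATION INCEPTION keytag signer sig
        # (expiration is printed before inception, which is easy to misread)
        yield f[0], f[4], int(f[10]), _ts(f[9]), _ts(f[8])


def classify(dig_text, now):
    """Return {(owner, covered_type): 'not-yet-valid' | 'valid' | 'expired'}."""
    result = {}
    for owner, covered, _tag, inception, expiration in rrsig_windows(dig_text):
        if now < inception:
            state = "not-yet-valid"
        elif now > expiration:
            state = "expired"
        else:
            state = "valid"
        result[(owner, covered)] = state
    return result


if __name__ == "__main__":
    for minute in (31, 37, 43):  # before, inside and after the 10-minute window
        now = datetime(2009, 8, 10, 15, minute, tzinfo=timezone.utc)
        print(now.isoformat(), classify(SAMPLE_DIG_ANSWER, now))
```

Feeding it the answer for the DS or DLV RRset as returned by the recursive server, with `now` set to the query time, shows whether the signature the resolver handed back was still inside its window.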