----- Original Message -----
> Lawrence K. Chen, P.Eng. <lkc...@ksu.edu> wrote:
> >
> > And, the prior ZSK was 14565
> >
> > ; This is a zone-signing key, keyid 14565, for ksu.edu.
> > ; Created: 20130601090000 (Sat Jun  1 04:00:00 2013)
> > ; Publish: 20130601090007 (Sat Jun  1 04:00:07 2013)
> > ; Activate: 20130601090007 (Sat Jun  1 04:00:07 2013)
> > ; Revoke: 20130901090000 (Sun Sep  1 04:00:00 2013)
> > ; Inactive: 20130915090000 (Sun Sep 15 04:00:00 2013)
> 
> I think your problem here is that the inactive date is after the revoke
> date, so the key will still be used to sign the zone after it has been
> revoked.
> 
> > ; Delete: 20130929090000 (Sun Sep 29 04:00:00 2013)
> > ksu.edu. IN DNSKEY 256 3 8
> > AwEAAc1HU7nrlgFeGLZSgHCytd+BItSNgR5gY4iemDCAX9+z+cpyq/Pe
> > 52kLuFxDjCj89EzdjKFDGAkPRDPImWlTQLCr3WQl8g5SIOs67bBR72hv
> > q2tHmgpK+/j9Z4yqLRyld/Kpl2FRNWc7dvqh8i+Sd0or5WrLO3ocftS1 t3rQaznB
> >
> > Where is 14693 coming from?
> 
> It is the same key as 14565 but the addition of the revoke bit has changed
> the tag.
> 
> Tony.
> --
> f.anthony.n.finch  <d...@dotat.at>  http://dotat.at/
> Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at first.
> Rough, becoming slight or moderate. Showers, rain at first. Moderate or good,
> occasionally poor at first.
> 

Okay, I found where it says 128 is added.

As for the timing, the documentation says:

Publish: date key is to be published.  After this date, the key will be 
included in the zone but not used to sign it.  default is now.

Activate: date key is to be activated.  After this date, the key will be 
included in the zone and used to sign it. default is now.

Revoked: date key is to be revoked.  After this date, the key will be flagged 
as revoked.  It will be included in the zone and used to sign it.

Inactive: date key is to be retired.  After this date, the key will still be 
included in the zone, but it will not be used to sign it.

Delete: date key is to be deleted.  After this date, the key will no longer be 
included in the zone.


That makes it sound like Revoke comes before Inactive, so the dates are right.  
IIRC, the 2 week spacing comes from the zone TTL being 4 weeks.

So what could be causing other ISPs like Comcast to not work now?

-- 
Who: Lawrence K. Chen, P.Eng. - W0LKC - Senior Unix Systems Administrator
For: Enterprise Server Technologies (EST) -- & SafeZone Ally
Snail: Computing and Telecommunications Services (CTS)
Kansas State University, 109 East Stadium, Manhattan, KS 66506-3102
Phone: (785) 532-4916 - Fax: (785) 532-3515 - Email: lkc...@ksu.edu
Web: http://www-personal.ksu.edu/~lkchen - Where: 11 Hale Library
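
The tag change discussed in this thread (14565 becoming 14693 once the key is revoked) can be reproduced with the key tag algorithm from RFC 4034 Appendix B. This is an added example, not code from the thread or from BIND; it uses the DNSKEY quoted above, and the function names are the example's own.

```python
import base64
import struct

REVOKE = 0x0080  # RFC 5011 REVOKE bit in the DNSKEY flags field (decimal 128)

# DNSKEY fields as quoted in the thread above: flags 256, protocol 3, algorithm 8.
PAGE_FLAGS, PAGE_PROTOCOL, PAGE_ALGORITHM = 256, 3, 8
PAGE_KEY_B64 = (
    "AwEAAc1HU7nrlgFeGLZSgHCytd+BItSNgR5gY4iemDCAX9+z+cpyq/Pe"
    "52kLuFxDjCj89EzdjKFDGAkPRDPImWlTQLCr3WQl8g5SIOs67bBR72hv"
    "q2tHmgpK+/j9Z4yqLRyld/Kpl2FRNWc7dvqh8i+Sd0or5WrLO3ocftS1"
    "t3rQaznB"
)


def dnskey_rdata(flags, protocol, algorithm, public_key):
    """Wire-format DNSKEY RDATA: 2-byte flags, protocol, algorithm, key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + public_key


def key_tag(rdata):
    """Key tag per RFC 4034 Appendix B (not valid for algorithm 1)."""
    acc = 0
    for i, byte in enumerate(rdata):
        # Even offsets are the high byte of each 16-bit word, odd the low byte.
        acc += (byte << 8) if i % 2 == 0 else byte
    acc += (acc >> 16) & 0xFFFF  # fold the carry back in
    return acc & 0xFFFF


def tags_before_and_after_revoke(flags, protocol, algorithm, public_key):
    """Return (tag, tag_with_REVOKE_set) for the same key material."""
    before = key_tag(dnskey_rdata(flags, protocol, algorithm, public_key))
    after = key_tag(dnskey_rdata(flags | REVOKE, protocol, algorithm, public_key))
    return before, after


def page_key_tags():
    """Tags for the ksu.edu ZSK quoted in the thread, unrevoked and revoked."""
    key = base64.b64decode(PAGE_KEY_B64)
    return tags_before_and_after_revoke(PAGE_FLAGS, PAGE_PROTOCOL, PAGE_ALGORITHM, key)


if __name__ == "__main__":
    before, after = page_key_tags()
    print(f"flags {PAGE_FLAGS}: key tag {before}")
    print(f"flags {PAGE_FLAGS | REVOKE}: key tag {after}")
```

Because the REVOKE bit sits in the low-order byte of the flags field, setting it adds 128 to the checksum, so a validator or a DS record that refers to the old tag no longer matches the revoked DNSKEY.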