Re: NGtrans - DNSext joint meeting, call for participation

Mark . Andrews Sat, 28 Jul 2001 00:35:54 -0700


        Third time lucky ...

>       Dan,
>            your claim is that you have to re-sign every record in
>       a zone daily to achieve a 1 day replay window.  I'm stating
>       that you can achieve the same protection without re-signing
>       every record daily.
> 
>       Pre change:
>       example.com KEY alpha
>       example.com SIG KEY expire=200107292257 (1 day)
>       host.example.com A 1.2.3.4
>       host.example.com SIG A expire=200108272257 (30 days)
> 
>       Post change:
>       example.com KEY beta
>       example.com SIG KEY expire=200107072258 (1 day)

        This should have been
        example.com SIG KEY expire=200107292258 (1 day)

>       host.example.com A 1.2.3.5
>       host.example.com SIG A expire=200108272258 (30 days)
> 
>       Please explain how you can verify
>       host.example.com A 1.2.3.4
>         host.example.com SIG A expire=200108272257
>       after 200107292257.
> 
>       Mark
--
Mark Andrews, Nominum Inc.
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: [EMAIL PROTECTED]

Re: NGtrans - DNSext joint meeting, call for participation

Reply via email to