In a master server, nothing "times out."
In a slave server, a zone can expire.
In a verifier, an RRSIG may no longer be valid. (Or may yet to be valid.)
The absolute times in the start and end date should remain the domain of the parent and the parent alone. The duration between the dates can be subject to the child's wishes, but the absolute times will be a function of the institutionalized time table for signature generation.
At 22:19 +0100 3/15/05, Jakob Schlyter wrote:
On Tue, 15 Mar 2005, Samuel Weiler wrote:
Asking this in a different way: what failure modes do we want to enable for cases when a child does not regularly contact its parent? Do we want to enable allowing the DS to timeout (be removed from the zone), in which case sDate/eDate are probably needed?
Do you want to enable allowing the NS to timeout (be removed from the zone), in case the child doesn't regulary contact its parent? If not, why would you want this with DS?
-- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis +1-571-434-5468 NeuStar
Achieving total enlightenment has taught me that ignorance is bliss. . dnsop resources:_____________________________________________________ web user interface: http://darkwing.uoregon.edu/~llynch/dnsop.html mhonarc archive: http://darkwing.uoregon.edu/~llynch/dnsop/index.html
