I noted the same behaviour but being my first OpenDNSSEC installation I thought it was me that was doing something wrong.
regards Carlos On 1/13/11 12:08 PM, Rickard Bellgrim wrote: > On 13 jan 2011, at 13.41, Gilles Massen wrote: > >> Why is the SOA ttl considered for the check? DNSKEY TTL I'd understand, >> but SOA? > Yes, that sounds strange. The first ZSK should be pre-published according to > this time: > Ipub = Dprp + min(TTLsoa, SOAmin) > > The following ZSK:s should be pre-published using this time: > Ipub = Dprp + TTLkey > > We will have a look at this. > >> As a certainly unwanted sideeffect, the auditor (or the calling process) >> didn't like that situation at all, as the auditor started to go over the >> affected zones over and over again (restarting immediately after each run). > The signer have a back off mechanism for doing re-tries. 1 minute, 2 minutes, > 4 minutes.... > > // Rickard > > _______________________________________________ > Opendnssec-user mailing list > [email protected] > https://lists.opendnssec.org/mailman/listinfo/opendnssec-user -- Carlos M. Martinez LACNIC I+D PGP KeyID 0xD51507A2 Phone: +598-2604-2222 ext. 4419
<<attachment: carlos.vcf>>
_______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
