Dear opendnssec users,
I am confused about the following behaviour of opendnssec.
I noticed that the signature validity time gets added to the retire
period for keys. I am wondering why this is ?
I have a TTL of 1 hour for the keys. My signature validity time is 28
days. With a TTL of 1H for the keys I think that normally it would be
safe for the old ZSK to stay in the retire state for a few hours and
then be marked dead. But now it wil be in the retire state for 28 days.
I think this is strange. Or am I missing something ?
With kind regards
--
Maurice Mahieu
System Engineer | [email protected] <mailto:[email protected]>
info.nl <http://www.info.nl> /connecting the dots/
<http://www.info.nl/nl?utm_source=e-mail_sig&utm_medium=e-mail&utm_term=connecting_the_dots&utm_campaign=info_sig>
Sint Antoniesbreestraat 16 | 1011 HB Amsterdam | +31 (0)20 530 91 11
<tel:+31205309111>
_______________________________________________
Opendnssec-user mailing list
[email protected]
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
