Hi Antti,

> I don't see this as a strange approach. In many environments the
> zone data is periodically transferred from a provisioning system
> to OpenDNSSEC signer and then the signing process is triggered by
> issuing "ods-signer sign <zone>" after receiving the unsigned
> zone.
>
> We are also using this approach and we have configured the Resign
> interval to P10Y.

Rainbows and unicorns. Until your zone content one day didn't change for "validity-jitter" time and signatures start to expire because the signer is not allowed to do regular maintenance.

I'm saying, you can do it. But make sure to monitor your unicorns.

//Yuri

_______________________________________________
Opendnssec-user mailing list
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
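
Added example, not part of the original message or of OpenDNSSEC: one way to do the monitoring recommended above is to scan the signed zone for RRSIG records that have expired or are about to. It assumes one record per line and the 14-digit `YYYYMMDDHHmmSS` timestamp form; the zone data, function names and warning window are constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample of a signed zone, one record per line (signatures shortened).
SAMPLE_ZONE = """\
example.com. 3600 IN SOA ns1.example.com. hostmaster.example.com. 2015031801 3600 600 1209600 3600
example.com. 3600 IN RRSIG SOA 8 2 3600 20150401120000 20150318110000 12345 example.com. c2FtcGxl
example.com. 3600 IN RRSIG NS 8 2 3600 20150320120000 20150306110000 12345 example.com. c2FtcGxl
www.example.com. 3600 IN RRSIG A 8 3 3600 20150317090000 20150303080000 12345 example.com. c2FtcGxl
"""

# owner [ttl] [class] RRSIG covered alg labels orig-ttl expiration inception ...
RRSIG_RE = re.compile(
    r"^(?P<owner>\S+)\s+(?:\d+\s+)?(?:IN\s+)?RRSIG\s+(?P<covered>\S+)"
    r"\s+\d+\s+\d+\s+\d+\s+(?P<expire>\d{14})\s+\d{14}\s",
    re.IGNORECASE,
)

def parse_ts(text):
    """Convert an RRSIG YYYYMMDDHHmmSS timestamp to an aware UTC datetime."""
    return datetime.strptime(text, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)

def check_signatures(zone_text, now, warn_before):
    """Return (status, owner, covered type, expiration) for every RRSIG that is
    already expired or expires within `warn_before` of `now`, soonest first."""
    findings = []
    for line in zone_text.splitlines():
        m = RRSIG_RE.match(line)
        if not m:
            continue  # not an RRSIG record
        expire = parse_ts(m.group("expire"))
        if expire <= now:
            status = "EXPIRED"
        elif expire - now <= warn_before:
            status = "EXPIRING"
        else:
            continue  # signature still has enough lifetime left
        findings.append((status, m.group("owner"), m.group("covered").upper(), expire))
    return sorted(findings, key=lambda f: f[3])

if __name__ == "__main__":
    now = datetime(2015, 3, 18, 12, 0, tzinfo=timezone.utc)  # fixed clock for the sample
    for status, owner, covered, expire in check_signatures(SAMPLE_ZONE, now, timedelta(days=3)):
        print(f"{status:8} {owner} {covered} expires {expire:%Y-%m-%d %H:%M}Z")
```

In production the clock would be `datetime.now(timezone.utc)` and the warning window should be longer than the time needed to notice the alert and trigger a re-sign.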
