On Fri, Jul 7, 2017 at 11:33 AM, Yuri Schaeffer <[email protected]> wrote: > > Right. So on the 2nd of July everything was signed from scratch. You > configured a 14 day validity with a 12 hour jitter. If there are no > changes to the zone from now the first signature to expire should be > around the 15th or 16th of July. So this is perfectly expected behaviour. > > After some time this jitter will accumulate and spread the expiring of > signatures to a more even distribution. External changes to the zone > will speed up this process.
Many thanks Yuri. I was confused by 1.4.6 behavior then, because it does sign all zones every day (same config). Perhaps it was actually fixed somewhere after 1.4.6, and this is now expected. On another subject: since we're planning to update the production environment in any case, would you recommend to switch to 2.1.1, or it's still considered as a development branch? Thank you and have a nice weekend. _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
