Hi, On 06/29/2012 01:48 PM, Steffan Noord wrote: > Hello list, > > Im new to powerdns > start using it to roll over to DNSSEC > > I signed a test domain with the command > pdnssec secure-zone domain > > When publishing the KSK to the registry it reports that the > Signature is only valid for 14 days (till 12 Juli 2012)
4.2. Signatures In PowerDNS live signing mode, signatures, as served through RRSIG records, are calculated on the fly, and heavily cached. All CPU cores are used for the calculation. RRSIGs have a validity period, in PowerDNS by default this period starts at most a week in the past, and continues at least a week into the future. Precisely speaking, the time period used is always from the start of the previous Thursday until the Thursday two weeks later. This two-week interval jumps with one-week increments every Thursday. Note Why Thursday? POSIX-based operating systems count the time since GMT midnight January 1st of 1970, which was a Thursday. PowerDNS inception/expiration times are generated based on an integral number of weeks having passed since the start of the 'epoch'. ~ http://doc.powerdns.com/powerdnssec.html > > Does this mean that I have to make every 14 days a new KSK key ? no > Is there a option to put in a longer period when creating ? > > Thanxs Steffan > Florian _______________________________________________ Pdns-users mailing list [email protected] http://mailman.powerdns.com/mailman/listinfo/pdns-users
