Steffan,
> When publishing the KSK to the registry it reports that the
> Signature is only valid for 14 days (till 12 Juli 2012)
The KSK itself, being a key, never expires. (It call roll, i.e. you can
replace it whenever you wish - AS LONG AS YOU PUBLISH YOUR DS RECORD AT
THE REGISTRY -, but it doesn't expire; sorry for shouting, but that's
important!)
> Does this mean that I have to make every 14 days a new KSK key ?
> Is there a option to put in a longer period when creating ?
Not at all. What your parent (i.e. your registry) is telling you is that
the RRSIG validity is 14 days only. This isn't typically a problem
because PowerDNS will re-sign the records before that period is reached.
I recommend you read the documentation [1] carefully
-JP
[1]: http://doc.powerdns.com/powerdnssec-auth.html
_______________________________________________
Pdns-users mailing list
[email protected]
http://mailman.powerdns.com/mailman/listinfo/pdns-users
