On Wed, 17 Aug 2011, Marc Lampo wrote:
It looks like once DNSSEC'd data validates correctly,
that version of Bind will keep reusing that data (until TTL expires).
Or when the RRSIG expiry time is reached, whichever comes first.
While it may make sense, to save on CPU cycles,
I am unsure if
Marc Lampo marc.la...@eurid.eu wrote:
Meaning that that it actually does not re-verify,
once data was found to be OK and allowed in the cache.
The point of a cache is to avoid network round trips to re-fetch or
re-validate data while it is in the cache. The DNS protocol tells the
cache how
Yes. It is correct behavior.
There is no revoke method for a publisher. I don't think adding one would be
wise.
--Michael (from an iPhone)
On Aug 17, 2011, at 7:18, Marc Lampo marc.la...@eurid.eu wrote:
Hello,
Experimenting with key roll-over timing conditions,
with a Bind 9.7.3
3 matches
Mail list logo