Control: forwarded -1 https://gitlab.isc.org/isc-projects/bind9/issues/625
--
Ondřej Surý
ond...@sury.org
> On 24 Oct 2018, at 21:59, Peter Palfrader wrote:
>
> To reproduce:
>
>
> mkdir example.com
> cd example.com
> faketime -f '-1y' /usr/sbin/dnssec-keygen -f KSK -K . -a RSASHA256 -3
To reproduce:
mkdir example.com
cd example.com
faketime -f '-1y' /usr/sbin/dnssec-keygen -f KSK -K . -a RSASHA256 -3 -b 2048
example.com
key=$(faketime -f '-1y' /usr/sbin/dnssec-keygen -K . -a RSASHA256 -3 -b 1024
-I +120d -D +150d example.com)
first=$key
lt=120
for i in `seq 1 5`; do
Package: bind9utils
Version: 1:9.10.3.dfsg.P4-12.3+deb9u4
Severity: normal
Tags: patch
We regularly rotate our ZSKs, and just recently we started removing old
.key files from our keydir.
The oldest remaining ZSK now has a published date in the past, and an
activation date also in the past but
3 matches
Mail list logo