[dns-operations] [DNSSEC] Signature lifetime

Mark Andrews marka at isc.org
Wed Jun 23 21:53:39 UTC 2010


Signature life time should be greater than (RRset ttl + SOA expire)
or else you will have caches handing out RRsets that do no validate.

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org



More information about the dns-operations mailing list