[dns-operations] [DNSSEC] Signature lifetime

Mark Andrews marka at isc.org
Wed Jun 23 21:53:39 UTC 2010

Previous message (by thread): [dns-operations] [DNSSEC] Signature lifetime
Next message (by thread): [dns-operations] [DNSSEC] Signature lifetime
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Signature life time should be greater than (RRset ttl + SOA expire)
or else you will have caches handing out RRsets that do no validate.

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org

Previous message (by thread): [dns-operations] [DNSSEC] Signature lifetime
Next message (by thread): [dns-operations] [DNSSEC] Signature lifetime
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the dns-operations mailing list