[dns-operations] Problem with BIND 9.9.5 and automatic ZSK rollover?
dns-operations at ml.karotte.org
Tue Jun 10 13:01:36 UTC 2014
* Hauke Lampe <lampe at hauke-lampe.de> [2014-06-10 14:15]:
> The old key stops signing new records after the inactivation date.
> Modified records are signed by the new/active keys only.
> Existing signatures are kept until they need to be refreshed (configured
> with sig-validity-interval) or the key is deleted.
> So you'll probably see new signatures for all records tomorrow.
Ah okay, so it is expected. My fault then.
Thank you for the explanation.
GPG Key: 0x93A0B9CE (F4F6 B1A3 866B 26E9 450A 9D82 58A2 D94A 93A0 B9CE)
'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE SCYTHE.
-- Terry Pratchett, The Fifth Elephant
More information about the dns-operations