[dns-operations] Too long a DS lifetime
rubensk at nic.br
Thu Apr 19 20:25:34 UTC 2018
I'm trying to figure out why a name (www.cnj.jus.br) is not being accepted when DNSSEC validation is turned on in Unbound. DNSViz shows no warnings; Zonemaster shows this warning:
RRSIG with keytag 35131 and covering type(s) SOA expires at : Thu Mar 22 15:26:57 2068.
RRSIG with keytag 35131 and covering type(s) SOA has a remaining validity of 1575486469 seconds, which is too long.
Is there an upper bound (a) specified in RFCs or (b) adopted by Unbound ?
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 528 bytes
Desc: Message signed with OpenPGP
More information about the dns-operations