Hello Caspar,

On 06/22/2011 11:49 AM, Casper Gielen wrote:
> My logs regularly show the message "ZSK ... in use too long" as in
> the example below. I thought this was a problem. A little investigation
> shows that this key has already been retired.
> So my conclusion is that everything is fine.

I notice this regularly, and my conclusion is the same: no harm. It seems that the auditor has a stricter interpretation of a key's lifetime, and uses <Lifetime>, but the signed zones may contain signatures up to <Lifetime>+<Validity>-<Refresh>.

Best,
Gilles

-- 
Fondation RESTENA - DNS-LU
6, rue Coudenhove-Kalergi
L-1359 Luxembourg
tel: (+352) 424409
fax: (+352) 422473
