On 19 March 2012 17:54, Casper Gielen <[email protected]> wrote:
>> This got me thinking, what happens if an error or something means we don't
>> regenerate our zone for a few hours or even days... will the signatures just
>> become invalid since the enforcerd can't update them?
>
> It depends on the policy set in kasp, but yes, that's the gist of it.
It might be worth adding these kinds of important implications as
comments in the default config files and to the docs.
The information itself is there all right, but it doesn't really stand out.
Ideally a policy should be based on such real-world questions
("Maximum time for your zone to live without maintenance?")
(Nagios) monitoring plugins should also keep an eye on it of course...
--
Dick Visser
System & Networking Engineer
TERENA Secretariat
Singel 468 D, 1017 AW Amsterdam
The Netherlands
_______________________________________________
Opendnssec-user mailing list
[email protected]
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
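
A sketch of the kind of monitoring check mentioned above, added here as an example and not part of the original message or of OpenDNSSEC: it reads RRSIG records in dig-style presentation format and reports, Nagios-style, how long the earliest-expiring signature has left. The function names, thresholds and sample records are assumptions made for illustration.

```python
"""Nagios-style check: time left before the earliest RRSIG in an answer expires."""
from datetime import datetime, timezone

OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3  # standard Nagios plugin exit codes

def parse_rrsig_time(field):
    """RFC 4034 section 3.2: YYYYMMDDHHmmSS in UTC, or seconds since the epoch."""
    if len(field) == 14:
        return datetime.strptime(field, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)
    return datetime.fromtimestamp(int(field), tz=timezone.utc)

def rrsig_expirations(text):
    """Yield (owner, type_covered, expiration) for each RRSIG line."""
    for line in text.splitlines():
        parts = line.split()
        # Assumed layout: owner TTL class RRSIG covered alg labels origTTL expiration ...
        if len(parts) >= 13 and parts[3] == "RRSIG":
            yield parts[0], parts[4], parse_rrsig_time(parts[8])

def check(text, now, warn_hours, crit_hours):
    """Return (status, message) based on the signature that expires first."""
    sigs = list(rrsig_expirations(text))
    if not sigs:
        return UNKNOWN, "UNKNOWN: no RRSIG records found"
    owner, covered, expires = min(sigs, key=lambda s: s[2])
    hours_left = (expires - now).total_seconds() / 3600
    detail = f"{owner} {covered} RRSIG expires {expires:%Y-%m-%d %H:%M} UTC ({hours_left:.1f}h left)"
    if hours_left <= crit_hours:
        return CRITICAL, "CRITICAL: " + detail
    if hours_left <= warn_hours:
        return WARNING, "WARNING: " + detail
    return OK, "OK: " + detail

# Constructed sample (example.org, dummy signatures), not output from a real zone.
SAMPLE = """\
example.org. 3600 IN SOA ns1.example.org. hostmaster.example.org. 2012031901 3600 600 1209600 3600
example.org. 3600 IN RRSIG SOA 8 2 3600 20120326120000 20120319110000 12345 example.org. c2lnMQ==
example.org. 3600 IN RRSIG NS 8 2 3600 20120321060000 20120314050000 12345 example.org. c2lnMg==
example.org. 3600 IN NSEC a.example.org. NS SOA RRSIG NSEC DNSKEY
"""

if __name__ == "__main__":
    status, message = check(SAMPLE, datetime(2012, 3, 19, 18, 0, tzinfo=timezone.utc), 72, 24)
    print(message)
    raise SystemExit(status)
```

The warning and critical thresholds should be chosen so that an alert fires while there is still time to fix the signer before the signatures lapse.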