On 4 Jul 2012, at 16:19, Miek Gieben wrote: > [ Quoting <[email protected]> in "[Opendnssec-user] RRSIG for hobby.n..." ] >> Hi i have problem with rrsig’s that are expiring. >> >> In the kaspl it states that the rrsig’s must be refresh 3d before they >> expire. >> >> But opendnssec doesn’t refresh them. > > isn't the jitter also in play here? I.e. In the worst case they expire > 3 +12 hours day
I thought of that. But even including the jitter, I had signatures which were well outside of the time when they should have been refreshed. As previously mentioned I've been too busy to look into it, and wasn't overly concerned as ODS never let any signatures expire. Scott
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
