On 14/11/12 14:56, Thomas Dupas wrote: > Hi everyone, > > Is there an (intended) hard limit on the max ksk lifetime, in opendnssec > 1.4.0 b1? > > I wanted to extend the default 1Y lifetime to 2Y .. but opendnssec didn't > agree with me: > "WARNING: In policy default, Y used in duration field for Keys/KSK Lifetime > (P2Y) in /etc/opendnssec/kasp.xml - this will be interpreted as 365 days" > > If I want it to be indefinite / untill it is deemed necessary, should I put > it to 10Y, or 0, or ..? > > Br, > > Thomas_______________________________________________ > Opendnssec-user mailing list > [email protected] > https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
That message is just warning that the "Y" is read as 365 days, so it doesn't know about leap-years. The maximum key lifetime is determined by the size of an int on your system, for 32 bit systems this equates to ~68 years. Sion _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
