On 09-01-13 15:31, [email protected] wrote:
> Would it make more sense to query DNS to verify that it really and truly
> has been published rather than assuming it has based on some timer?

It depends on your environment. While you can query all authoritative servers, you probably don't know every DNS-cache that might store this information. However, an additional check may be useful under some circumstances. Maybe even a combination: "wait 1 more hour after the key is first seen on the dns-server".

-- 
Casper Gielen <[email protected]> | LIS UNIX
PGP fingerprint = 16BD 2C9F 8156 C242 F981 63B8 2214 083C F80E 4AF7
Universiteit van Tilburg | Postbus 90153, 5000 LE
Warandelaan 2 | Telefoon 013 466 4100 | G 236 | http://www.uvt.nl
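
The combined check suggested in the reply above, sketched as an added example that is not part of the original message and is not OpenDNSSEC code: the key counts as published only once every authoritative server has served it continuously, and a fixed margin is then added for caches that cannot be queried. The server names, key tags, poll data and function names are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample data: polls of each authoritative server for the zone's
# DNSKEY RRset, recorded as (poll time, server, key tags seen in the answer).
POLLS = [
    (datetime(2013, 1, 9, 12, 0), "ns1.example.", {11111}),
    (datetime(2013, 1, 9, 12, 0), "ns2.example.", {11111}),
    (datetime(2013, 1, 9, 13, 0), "ns1.example.", {11111, 22222}),
    (datetime(2013, 1, 9, 13, 0), "ns2.example.", {11111}),  # secondary lags
    (datetime(2013, 1, 9, 14, 0), "ns1.example.", {11111, 22222}),
    (datetime(2013, 1, 9, 14, 0), "ns2.example.", {11111, 22222}),
]


def first_seen_everywhere(polls, servers, key_tag):
    """Return the time from which every server has continuously served
    key_tag, or None if some server does not serve it in its latest poll."""
    since = {s: None for s in servers}
    for when, server, tags in sorted(polls, key=lambda p: p[0]):
        if server not in since:
            continue
        if key_tag in tags:
            if since[server] is None:
                since[server] = when
        else:
            since[server] = None  # key vanished again: restart the clock
    if any(t is None for t in since.values()):
        return None  # also covers a listed server that was never polled
    return max(since.values())


def safe_to_use_at(polls, servers, key_tag, extra_wait):
    """Observed publication time plus a margin for caches nobody can query."""
    seen = first_seen_everywhere(polls, servers, key_tag)
    return None if seen is None else seen + extra_wait


if __name__ == "__main__":
    servers = ["ns1.example.", "ns2.example."]
    print(safe_to_use_at(POLLS, servers, 22222, timedelta(hours=1)))
```
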
