-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > So would it be okay to change timing/ttl parameters in the policy > itself?
Well... You could do it but you need to be careful. It gets tricky when you reduce a TTL in the KASP. Some resolvers may cache some records too long (the old TTL), missing a rollover and declare your zone bogus. >> OpenDNSSEC pre-generates keys for later use. Likely a formerly >> generated but unused key was still available. > > But the keylist was empty (there are no other zones in the zonelist > at the moment) and the zone was not signed at all. Key list will only show keys that are in use by being assigned to a zone . //Yuri -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iEYEARECAAYFAlW3RW8ACgkQI3PTR4mhavg9KACbBESDgXDsM2gNjRmcYcTg+TzU gT0An0bm+DO6EPdVBkmjbOjjS2pYe0H1 =JOMK -----END PGP SIGNATURE----- _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
