> egrep -i "serial|SOA" /var/opendnssec/signed/example.info > example.info. 300 IN SOA dns.example.com. > soacontact.example.com. 1482169654 7200 1800 604800 300 > example.info. 300 IN RRSIG SOA 8 2 300 > 20161219184751 20161219164734 38544 example.info. pib...U= > > shouldn't the 'unixtime' format be used consistently/unchanged in the > RRSIG SOA record as well?
You are mixing two concepts. The SOA record indeed has a unixtime serial like you specified. The timestamps you see in the RRSIG SOA (or any other RRSIG in your zone) are *not* serial numbers. They represent the actual times in which between this signature is valid. The SOA serial format is available for creative uses since the only requirement is that it increases for each zone version. The RRSIG timestamps are not to be tampered with. Regards, Yuri
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
