Dear Berry, Thank you for your update. It is good to have this issue resolved. Looking forward to checking out your version 2.1.7.
Regards, Erik Østlyngen On 09/03/2020 10.33, Berry A.W. van Halderen wrote: > Dear Erik et all, > > I don't think I'm able to post to the centr-tech mailing list and > my accounts seems to have problems, so I'm cross-posting this to > the opendnssec-user mailing list. > > In summary it has been observed that there are double signatures > during a ZSK roll with pre-publication, in a manner which is > unexpected as this wouldn't be necessary with this type of roll and > is also not seen with OpenDNSSEC 1.4 > > I've looked into this and I'm able to reproduce it. I think this > behavior is indeed not on purpose and something that have creaped > into the behaviour of OpenDNSSEC in the past few patches. > > I've localized the behaviour in the code and can fix this in a > near future patch release. The problem is that signatures of the > ZSK that is going out, are kept for a bit longer time that is > really necessary. > > The drawback is that the size of signed RRSET will be longer than > necessary. Which isn't good, but also doesn't break anything. > > So thanks for the report, and next 2.1.7 will contain the fix. > > With kind regards, Berry van Halderen. > _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
