Hi, 

I have a question about DNSSEC and "Next key event".

I have created 4 keys (ZSK) in advance. Every key has an active period
of 3 months and is published 3 days before
activation time and inactivated 3 days after.
I have set the following options in named.conf:
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
key-directory "/var/named/dyn/keys";
.
.
zone "domain.com" {
  type master;
  file "dyn/zone.domain.com";
  update-policy local;
  auto-dnssec maintain;
};

In an earlier version of BIND (9.8.0-P4) I would see the following
messages in /var/log/messages when I reloaded BIND.
--------------------------------------------------------------------------------------------
Dec 28 14:04:38 mumin named[18046]: zone domain.com/IN: next key event: 25-Feb-2012 13:30:00.000
--------------------------------------------------------------------------------------------

The date and time for the next key event, in this case, would be the
publication time for the next key. 


Now, in BIND version 9.8.1-P1, the following is reported in the
logfile.
------------------------------------------------------------------------------------------
Jan  5 07:39:33 mumin named[2320]: zone domain.com/IN: next key event: 05-Jan-2012 08:39:33.840
Jan  5 08:39:33 mumin named[2320]: zone domain.com/IN: next key event: 05-Jan-2012 09:39:33.842
Jan  5 09:39:33 mumin named[2320]: zone domain.com/IN: next key event: 05-Jan-2012 10:39:33.845
------------------------------------------------------------------------------------------

The next key event is every next hour and NOT when the "real" key change
occurs.
Is this correct?

--------
Per-Olof Axelsson
IT-Department
University of Borås, Sweden
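
An added example, not part of the original post: a small Python script that parses the "next key event" lines quoted above and measures how far ahead of the log entry each announced event lies, which separates the hourly entries from the one pointing at a key's scheduled timing. The labels `recheck` and `scheduled` and the one-hour threshold are assumptions made for this example.

```python
import re
from datetime import datetime

# Matches the "next key event" lines named writes to syslog, as quoted in the post.
LINE_RE = re.compile(
    r"^(?P<stamp>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ named\[\d+\]: "
    r"zone (?P<zone>\S+)/IN: next key event: "
    r"(?P<event>\d{2}-[A-Z][a-z]{2}-\d{4} \d{2}:\d{2}:\d{2})\.\d{3}$"
)

def parse(line):
    """Return (zone, logged_at, next_event) or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    event = datetime.strptime(m["event"], "%d-%b-%Y %H:%M:%S")
    # Syslog stamps carry no year: borrow the event's year, and step back one
    # year if that would put the log entry after the event it announces.
    stamp = " ".join(m["stamp"].split())
    logged = datetime.strptime(f"{event.year} {stamp}", "%Y %b %d %H:%M:%S")
    if logged > event:
        logged = logged.replace(year=event.year - 1)
    return m["zone"], logged, event

def classify(lines, recheck_max_hours=1.0):
    """Label each entry 'recheck' (event within the threshold) or 'scheduled'.

    The labels and the threshold are assumptions of this example, not BIND terms.
    """
    out = []
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        zone, logged, event = rec
        hours = (event - logged).total_seconds() / 3600
        kind = "recheck" if hours <= recheck_max_hours else "scheduled"
        out.append((zone, kind, round(hours, 2)))
    return out

# Log lines from the post, with the mail client's line wrapping undone.
SAMPLE = [
    "Dec 28 14:04:38 mumin named[18046]: zone domain.com/IN: next key event: 25-Feb-2012 13:30:00.000",
    "Jan  5 07:39:33 mumin named[2320]: zone domain.com/IN: next key event: 05-Jan-2012 08:39:33.840",
    "Jan  5 08:39:33 mumin named[2320]: zone domain.com/IN: next key event: 05-Jan-2012 09:39:33.842",
]

if __name__ == "__main__":
    for zone, kind, hours in classify(SAMPLE):
        print(f"{zone}: {kind} (next key event in {hours} h)")
```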
