Hi, I have a question about DNSSEC and "Next key event".
I have created 4 keys (ZSK) in advance. Every key has an active period of 3 months and is published 3 days before activation time and inactivated 3 days after.

I have set the following options in named.conf:

    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;
    key-directory "/var/named/dyn/keys";
    .
    .
    zone "domain.com" {
        type master;
        file "dyn/zone.domain.com";
        update-policy local;
        auto-dnssec maintain;
    };

In an earlier version of BIND (9.8.0-P4) I would see the following messages in /var/log/messages when I reloaded BIND.

--------------------------------------------------------------------------------------------
Dec 28 14:04:38 mumin named[18046]: zone domain.com/IN: next key event: 25-Feb-2012 13:30:00.000
--------------------------------------------------------------------------------------------

The date and time for the next key event, in this case, would be the publication time for the next key.

Now, in BIND version 9.8.1-P1, the following is reported in the logfile.

------------------------------------------------------------------------------------------
Jan 5 07:39:33 mumin named[2320]: zone domain.com/IN: next key event: 05-Jan-2012 08:39:33.840
Jan 5 08:39:33 mumin named[2320]: zone domain.com/IN: next key event: 05-Jan-2012 09:39:33.842
Jan 5 09:39:33 mumin named[2320]: zone domain.com/IN: next key event: 05-Jan-2012 10:39:33.845
------------------------------------------------------------------------------------------

Next key event is every next hour and NOT when the "real" key change occurs. Is this correct?

--------
Per-Olof Axelsson
IT-Department
University of Borås, Sweden
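One way to check the behaviour described above, as an added example that is not part of the original post or of BIND: the script reads "next key event" log lines and reports, for each, how far ahead the event lies and whether it coincides with a key timing. The log lines are the ones quoted in the post; the Activate and Inactive dates and the function names are constructed for illustration.

```python
import re
from datetime import datetime

# Key timing metadata in the "Field: YYYYMMDDHHMMSS" form of a K*.private file.
# Only the Publish time appears in the post; the other dates are constructed.
SAMPLE_KEY_TIMINGS = """\
Publish: 20120225133000
Activate: 20120228133000
Inactive: 20120531133000
"""

# Log lines quoted in the post (BIND 9.8.0-P4, then 9.8.1-P1).
SAMPLE_LOG = """\
Dec 28 14:04:38 mumin named[18046]: zone domain.com/IN: next key event: 25-Feb-2012 13:30:00.000
Jan 5 07:39:33 mumin named[2320]: zone domain.com/IN: next key event: 05-Jan-2012 08:39:33.840
Jan 5 08:39:33 mumin named[2320]: zone domain.com/IN: next key event: 05-Jan-2012 09:39:33.842
"""

LOG_RE = re.compile(
    r"^(\w{3}\s+\d+ [\d:]{8}) .*zone (\S+): next key event: (\S+ [\d:]{8})")

def parse_timings(text):
    """Return {field: datetime} from 'Field: YYYYMMDDHHMMSS' lines."""
    return {m.group(1): datetime.strptime(m.group(2), "%Y%m%d%H%M%S")
            for m in re.finditer(r"^(\w+): (\d{14})$", text, re.M)}

def classify(log_text, timings):
    """Return (zone, lead_time, matching_timing_or_None) per log line."""
    results = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        event = datetime.strptime(m.group(3), "%d-%b-%Y %H:%M:%S")
        # syslog omits the year: borrow it from the event, and step back one
        # year if that would put the log entry after the event it announces.
        logged = datetime.strptime(f"{event.year} {m.group(1)}",
                                   "%Y %b %d %H:%M:%S")
        if logged > event:
            logged = logged.replace(year=event.year - 1)
        match = next((k for k, t in timings.items() if t == event), None)
        results.append((m.group(2), event - logged, match))
    return results

if __name__ == "__main__":
    for zone, lead, match in classify(SAMPLE_LOG,
                                      parse_timings(SAMPLE_KEY_TIMINGS)):
        print(f"{zone}: next event in {lead}, key timing: {match or 'none'}")
```
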