[Pdns-users] trying to understand pdns and dnssec

Peter Thomassen peter at desec.io
Wed Nov 8 17:03:01 UTC 2017


Hi Eric,

On 11/08/2017 05:59 PM, Eric Beck wrote:
> What I don't understand, is that this particular domain we just secured
> today.  The RRSIG expiry is 16 Nov.  and it says the valid from is Oct. 26.
From the last sub-section of
https://doc.powerdns.com/md/authoritative/dnssec/#online-signing (named
"Signatures"):

> RRSIGs have a validity period, in PowerDNS by default this period starts at most a week in the past, and continues at least a week into the future.
> 
> Precisely speaking, the time period used is always from the start of the previous Thursday until the Thursday two weeks later. This two-week interval jumps with one-week increments every Thursday.

Stay secure,
Peter

-- 
OpenPGP Fingerprint: 7963 D427 FD32 AC6F D20F D0B1 EFD6 143A 3EF2 2D2F

deSEC
https://desec.io/

Vertreten durch: Dr. Peter Thomassen, Nils Wisiol

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20171108/0d7ad454/attachment.sig>


More information about the Pdns-users mailing list