[Pdns-users] trying to understand pdns and dnssec
Eric Beck
ericbeck at cadns.ca
Wed Nov 8 19:47:36 UTC 2017
Oops, I had digest set and didn't realize ... couldn't see replies
unless on web at pdns-users
Ok, sorted out that, and will get replies directly now too.
I have read both replies, and I did read that section of the docs but
that is in part what is confusing. If the start date is supposed to be
the last Thursday, then a zone that I secured today, should have it's
start date as the 2nd of Novmeber (last Thursday). That's not the case.
The RRSIGs as noted in the post are showing Oct 26
As per the docs,
"RRSIGs have a validity period, in PowerDNS this period is 3 weeks. This
period starts at most a week in the past, and continues at least a week
into the future"
As well the first domain we secured was done perhaps before last
Thursday, Nov. 2 (I can't remember), so I could understand that it may
have it's inception date set at October 26 according to the docs. But
the one we just secured today, it makes no sense that it has an
inception date of Oct. 26
Eric
More information about the Pdns-users
mailing list