[Pdns-users] trying to understand pdns and dnssec

Pieter Lexis pieter.lexis at powerdns.com
Wed Nov 8 22:30:23 UTC 2017

Hi Eric,

On Wed, 8 Nov 2017 16:53:49 -0500
Eric Beck <ericbeck at cadns.ca> wrote:

(Pushing this mail back to the mailing list)

> So then my understanding is that inception days are written in stone,
> for all pdns servers worldwide, and that it is a server calculated date
> based on Thursdays since the epoch event.


> So it is not related to the time of securing the zone, but it is related
> to the "set-in-stone" PDNS inception date.  It is not that the inception
> date of RRSIGs is related to the date of securing the zone.  (other than
> that a zone secured Nov. 5 (I do remember that's when I did the first
> one) would have an inception date of Oct. 26 rather than Nov.2, based on
> the fact that we serve the RRSIGs during the middle week.


> I understand it like that.  Thanks for the explanation.  I guess I just
> wasn't wrapping my head around that little diagram in the docs along
> with its explanation.  Based on that, tonight, Wednesday, November 8 at
> 1900 EST (0000 UTC Nov. 9) I should see the dates changed on the RRSIGs
> served.  Much appreciated.

Wonderful. If you like to see any change in wording on the documentation to make this feature more clear:
We welcome suggestions (or pull-requests) on github[1].
Documentation can also be edited directly there[2] (hit the pencil) and github will offer you then to make a pull request.

Best regards,


1 - https://github.com/PowerDNS/pdns
2 - https://github.com/PowerDNS/pdns/blob/master/docs/dnssec/modes-of-operation.rst

Pieter Lexis
PowerDNS.COM BV -- https://www.powerdns.com

More information about the Pdns-users mailing list