[Pdns-users] trying to understand pdns and dnssec
Pieter Lexis
pieter.lexis at powerdns.com
Wed Nov 8 22:30:23 UTC 2017
Hi Eric,
On Wed, 8 Nov 2017 16:53:49 -0500
Eric Beck <ericbeck at cadns.ca> wrote:
(Pushing this mail back to the mailing list)
> So then my understanding is that inception days are written in stone,
> for all pdns servers worldwide, and that it is a server calculated date
> based on Thursdays since the epoch event.
Correct!
> So it is not related to the time of securing the zone, but it is related
> to the "set-in-stone" PDNS inception date. It is not that the inception
> date of RRSIGs is related to the date of securing the zone. (other than
> that a zone secured Nov. 5 (I do remember that's when I did the first
> one) would have an inception date of Oct. 26 rather than Nov.2, based on
> the fact that we serve the RRSIGs during the middle week.
Yes!
> I understand it like that. Thanks for the explanation. I guess I just
> wasn't wrapping my head around that little diagram in the docs along
> with its explanation. Based on that, tonight, Wednesday, November 8 at
> 1900 EST (0000 UTC Nov. 9) I should see the dates changed on the RRSIGs
> served. Much appreciated.
Wonderful. If you like to see any change in wording on the documentation to make this feature more clear:
We welcome suggestions (or pull-requests) on github[1].
Documentation can also be edited directly there[2] (hit the pencil) and github will offer you then to make a pull request.
Best regards,
Pieter
1 - https://github.com/PowerDNS/pdns
2 - https://github.com/PowerDNS/pdns/blob/master/docs/dnssec/modes-of-operation.rst
--
Pieter Lexis
PowerDNS.COM BV -- https://www.powerdns.com
More information about the Pdns-users
mailing list