Hi,
I'm running into a strange issue where when signing a zone with re-using signatures, that sometimes 1 RRSIG record ends up with a validity time of almost nothing. This happens for instance when signing (and re-using sigs) using "-i 1296000 -e +2592000 -j 2592000" as part of the dnssec-signzone command. I am not entirely sure, but it seems this might be a "one error per zone" as I've never seen more then one of these signatures. Wether I'm signing a zone with 10 entries or 1.2M entries. This can be seen by running the same dnssec-signzone command twice in row. A warning then sometimes appears stating "warning signature has expired" This is using bind 9.6.1 Paul _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
