Hi all, there is a KSK roll over running for framail.de. Its a inline-signing maintain configuration, upgraded fron 9.9.0. The tags of the KSKs with their dates are (set with dnssec-settime): --- [framail.de/KSK/1699/8(A:2012-05-23T17:55:02, I:2012-05-27T17:55:02, D:2012-05-28T17:55:02)] [framail.de/KSK/46210/8(A:2012-05-20T16:55:03, I:2012-05-24T16:55:03, D:2012-05-25T16:55:03)] --- 46210 is inactive and still used to sign DNSKEYs (from dig +dnssec DNSKEY framail.de. at 2012-05-25T13:55) : --- framail.de. 86400 IN RRSIG DNSKEY 8 2 86400 20120622185603 20120523175603 46210 framail.de... framail.de. 86400 IN RRSIG DNSKEY 8 2 86400 20120623175502 20120524165502 1699 framail.de... --- Shouln't named have ceased signing keys with this key?
Axel --- PGP-Key:29E99DD6 ☀ +49 151 2300 9283 ☀ computing @ chaos claudius _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
