Axel Rau <axel....@chaos1.de> wrote: > > The tags of the KSKs with their dates are (set with dnssec-settime): > --- > [framail.de/KSK/1699/8(A:2012-05-23T17:55:02, I:2012-05-27T17:55:02, > D:2012-05-28T17:55:02)] > [framail.de/KSK/46210/8(A:2012-05-20T16:55:03, I:2012-05-24T16:55:03, > D:2012-05-25T16:55:03)] > --- > 46210 is inactive and still used to sign DNSKEYs (from dig +dnssec DNSKEY > framail.de. at 2012-05-25T13:55) : > --- > framail.de. 86400 IN RRSIG DNSKEY 8 2 86400 20120622185603 > 20120523175603 46210 framail.de... > framail.de. 86400 IN RRSIG DNSKEY 8 2 86400 20120623175502 > 20120524165502 1699 framail.de... > --- > Shouln't named have ceased signing keys with this key?
The 46210 signature's inception date is 2012-05-23 which is before its key's inactive date 2012-05-24. Tony. -- f.anthony.n.finch <d...@dotat.at> http://dotat.at/ Biscay: East 3 or 4, becoming cyclonic 4 or 5, occasionally 6 later. Slight or moderate. Fog patches at first. Moderate or good, occasionally very poor at first. _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
