In message <201602181942.u1ijgrkf001...@dolphin.adi.com>, Thomas Schulz writes: > A recommended way to set up a ZSK rollover is to set the inactive date of > the current key one month later than the publish date of the replacement key. > This makes sense as the RRSIG records are created to last one month from > their creation date. > Now if I try to speed up the ZSK rollover to make the old ZSK inactive > a few days after the replacement key is created (and make the replacement > key active at that time), will Bind start makeing new RRSIG records at that > time even though the current RRSIG records may have weeks to go.
Named will replace RRSIG records as they fall due for re-signing. The key(s) used to re-sign them depend upon which ones are marked active at that time. Named will not proactively replace RRSIG records unless explictly told to via rndc. > Tom Schulz > Applied Dynamics Intl. > sch...@adi.com > _______________________________________________ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
