+--On 24 octobre 2011 13:16:12 +0200 Peter Olsson <p...@leissner.se> wrote: | (Now what will happen when there are cached records out there | with the purged ZSK? Is there a risk of complete zone failure, | should I remove DS and start DNSSec fresh?)
Well, compare the DS TTL and the RRSIG TTL, you'll have your answer, but I think the former has longer TTL than the second. (It was the case for me, and was simpler to for a complete resign of the zone and wait for the storm to pass.) -- Mathieu Arnold _______________________________________________ Opendnssec-user mailing list Opendnssec-user@lists.opendnssec.org https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
