Hi Matthijs,

> If you have a Refresh period of 3 days, a Resign period of 12 hours,
> and a Signature Validity of 14 days, then you should let nagios check
> that a signature does not expire within 10.5 days (14 - 3 - 0.5).

What I did today was set Refresh to P13D. As far as I understand
the docs, this should resign all records whose signatures will expire in
less than 13 days. With a validity of 14 days, it should refresh the
signatures every day. I issued "ods-ksmutil update kasp", OpenDNSSEC did
a resign and minutes later Nagios stopped complaining. I'll wait and
check the logs and signatures in a few days to see what's happening.


Regards
   Volker

_______________________________________________
Opendnssec-user mailing list
Opendnssec-user@lists.opendnssec.org
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
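
The threshold rule from the quoted advice (validity - refresh - resign), applied to RRSIG expiration fields. This is an added example, not part of the original message or of OpenDNSSEC: the function names and the RRSIG lines are constructed, the duration parser covers only weeks, days and time units, and pairing the 12-hour Resign period with Refresh P13D is an assumption.

```python
import re
from datetime import datetime, timedelta, timezone

# Subset of ISO 8601 durations as used in kasp.xml: weeks, days, hours, minutes, seconds.
_DUR = re.compile(r"^P(?:(\d+)W)?(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?$")

def parse_duration(text):
    m = _DUR.match(text)
    if not m or not any(m.groups()):
        raise ValueError("unsupported duration: %r" % text)
    w, d, h, mi, s = (int(g or 0) for g in m.groups())
    return timedelta(weeks=w, days=d, hours=h, minutes=mi, seconds=s)

def min_remaining(validity, refresh, resign):
    """Minimum lifetime a healthy signature should still have left."""
    t = parse_duration(validity) - parse_duration(refresh) - parse_duration(resign)
    if t <= timedelta(0):
        raise ValueError("refresh + resign leave no margin inside the validity")
    return t

def expiring(rrsig_lines, threshold, now):
    """Return (owner, type covered, remaining) for signatures below the threshold."""
    late = []
    for line in rrsig_lines:
        f = line.split()
        if "RRSIG" not in f:
            continue
        i = f.index("RRSIG")
        # RDATA order: type, algorithm, labels, original TTL, expiration, inception, ...
        exp = datetime.strptime(f[i + 5], "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)
        remaining = exp - now
        if remaining < threshold:
            late.append((f[0], f[i + 1], remaining))
    return late

# Constructed sample in dig presentation format; signature data is a dummy value.
SAMPLE = [
    "example.com. 3600 IN RRSIG SOA 8 2 3600 20240122120000 20240108120000 12345 example.com. AAAA",
    "www.example.com. 3600 IN RRSIG A 8 3 3600 20240120000000 20240106000000 12345 example.com. AAAA",
]
NOW = datetime(2024, 1, 10, 12, 0, 0, tzinfo=timezone.utc)  # constructed check time

if __name__ == "__main__":
    for refresh in ("P3D", "P13D"):
        limit = min_remaining("P14D", refresh, "PT12H")
        print(refresh, "threshold", limit, "alerts", expiring(SAMPLE, limit, NOW))
```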
