caching of expired RRSIG's ?

Jaap Akkerhuis jaap at
Mon Jan 3 09:59:43 UTC 2011

    I agree for the consequence of those "cache misses".
    But doesnot that mean that RFC4035 needs amended to state :
     "remove atomic entry if *all* its RRSIGs get invalid"
    (because now it states : any = "at least one")
    And it implicitly confirms that these statements in the RFC
    do apply to expired RRSIG's in the cache.
You might want to address these questionsto dnsop/dnsex since this
is more a queastion about the RFC then something bind specific.


More information about the bind-users mailing list