caching of expired RRSIG's ?
jaap at NLnetLabs.nl
Mon Jan 3 09:59:43 UTC 2011
I agree for the consequence of those "cache misses".
But doesnot that mean that RFC4035 needs amended to state :
"remove atomic entry if *all* its RRSIGs get invalid"
(because now it states : any = "at least one")
And it implicitly confirms that these statements in the RFC
do apply to expired RRSIG's in the cache.
You might want to address these questionsto dnsop/dnsex since this
is more a queastion about the RFC then something bind specific.
More information about the bind-users