DNSSEC key rollover failure

Mark Andrews marka at isc.org
Fri Jun 17 22:54:45 UTC 2011

The only thing I would change is making the deletion happen
sig-validity-interval after the inactivation of the key.  The idea
is to have a gradual replacement of signatures as they normally
fall due for re-signing.


Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org

More information about the bind-users mailing list