Requesting tips on setting TTLs so that expired RRSIG data doesn't stay in the zone

Phil Mayers p.mayers at imperial.ac.uk
Fri Dec 14 10:53:31 UTC 2012


On 12/14/2012 10:48 AM, GS Bryan wrote:
> Reference: http://dnssec-debugger.verisignlabs.com/imouto.my
>
> How to configure named (version BIND 9.9.2-P1-RedHat-9.9.2-2.P1.el5)
> so that expired RRSIG data doesn't stay in the zone? I heard it has
> something to do with the TTL of the zone (the expiry timer in that
> zone's SOA). The named.conf has the 'sig-validity-interval 21 8;' line
> in it, so how then can I change the expire timer so that stale RRSIG
> data doesn't stay in the zone?

If everything is working right, you shouldn't need to do anything; what 
does the config for the zone look like?


