Requesting tips on setting TTLs so that expired RRSIG data doesn't stay in the zone
GS Bryan
chifuyu at anime.my
Fri Dec 14 11:06:30 UTC 2012
zone "imouto.my" {
    type master;
    file "zones/imouto.my/imouto.my.conf";
    allow-transfer { imoutomy; };
    notify yes;
    also-notify { <redacted> };
    max-journal-size 50k;
    key-directory "<redacted>";
    inline-signing yes;
    auto-dnssec maintain;
};
--
Bryan S.G.
On Fri, Dec 14, 2012 at 6:53 PM, Phil Mayers <p.mayers at imperial.ac.uk> wrote:
> On 12/14/2012 10:48 AM, GS Bryan wrote:
>>
>> Reference: http://dnssec-debugger.verisignlabs.com/imouto.my
>>
>> How to configure named (version BIND 9.9.2-P1-RedHat-9.9.2-2.P1.el5)
>> so that expired RRSIG data doesn't stay in the zone? I heard it has
>> something to do with the TTL of the zone (the expiry timer in that
>> zone's SOA). The named.conf has the 'sig-validity-interval 21 8;' line
>> in it, so how then can I change the expire timer so that stale RRSIG
>> data doesn't stay in the zone?
>
>
> If everything is working right, you shouldn't need to do anything; what does
> the config for the zone look like?
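An added example, not part of the original post: one way to check whether a zone is serving expired or overdue RRSIGs is to parse `dig +dnssec` output and compare each signature's expiration against the re-sign window from 'sig-validity-interval 21 8;'. The records below are constructed samples (key tag and signature data are placeholders), and the function name `audit_rrsigs` is hypothetical.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample records in `dig +dnssec` presentation format; key tag and
# signature data are placeholders, not values from the real zone.
SAMPLE = """\
imouto.my. 3600 IN RRSIG SOA 8 2 3600 20121204000000 20121113000000 11111 imouto.my. c2lnMQ==
imouto.my. 3600 IN RRSIG NS 8 2 3600 20121220000000 20121129000000 11111 imouto.my. c2lnMg==
imouto.my. 3600 IN RRSIG A 8 2 3600 20130101000000 20121211000000 11111 imouto.my. c2lnMw==
imouto.my. 3600 IN A 192.0.2.10
"""

def _ts(field):
    """RRSIG timestamps are YYYYMMDDHHMMSS in UTC (RFC 4034, section 3.2)."""
    return datetime.strptime(field, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)

def audit_rrsigs(text, now, resign_days=8):
    """Return (covered_type, status, expiration) for every RRSIG in text.
    resign_days mirrors the second value of 'sig-validity-interval 21 8'."""
    results = []
    for line in text.splitlines():
        f = line.split()
        # owner TTL class RRSIG covered alg labels origttl expire inception tag signer sig
        if len(f) < 13 or f[3].upper() != "RRSIG":
            continue
        covered, expire, incept = f[4], _ts(f[8]), _ts(f[9])
        if now >= expire:
            status = "EXPIRED"
        elif now < incept:
            status = "NOT_YET_VALID"
        elif expire - now <= timedelta(days=resign_days):
            status = "RESIGN_OVERDUE"   # inside the window where named should re-sign
        else:
            status = "OK"
        results.append((covered, status, expire))
    return results

if __name__ == "__main__":
    now = datetime(2012, 12, 14, 11, 6, 30, tzinfo=timezone.utc)  # date of the post
    for covered, status, expire in audit_rrsigs(SAMPLE, now):
        print(f"{covered:5} {status:15} expires {expire:%Y-%m-%d %H:%M} UTC")
```

Records reported as EXPIRED or RESIGN_OVERDUE on a zone with 'auto-dnssec maintain;' indicate that automatic re-signing is not keeping up, which is a signing or key-access problem rather than a TTL setting.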