ZSK rollover detail needed.
Thomas Schulz
schulz at adi.com
Thu Feb 18 19:42:53 UTC 2016
A recommended way to set up a ZSK rollover is to set the inactive date of
the current key one month later than the publish date of the replacement key.
This makes sense as the RRSIG records are created to last one month from
their creation date.
Now if I try to speed up the ZSK rollover to make the old ZSK inactive
a few days after the replacement key is created (and make the replacement
key active at that time), will Bind start makeing new RRSIG records at that
time even though the current RRSIG records may have weeks to go.
Tom Schulz
Applied Dynamics Intl.
schulz at adi.com
More information about the bind-users
mailing list