Still seeing some ALG-7 DNSSE

@lbutlr kremels at kreme.com
Sat Apr 10 23:22:51 UTC 2021


On 06 Apr 2021, at 01:13, Matthijs Mekking <matthijs at isc.org> wrote:
> In 9.16.13, a new "dnssec-policy" option is introduced, "purge-keys". By default the keys are retained for 90 days after their latest usage. So in that case keys will be cleaned up automatically.

Excellent. Does that go in the zone record with default, or does it replace default? I don't see the syntax in the release notes.

Or do I add a 

dnssec-policy "default" {
  purge-keys 30; // (or is that field seconds?)
}

Or will that mess up the predefined for default?

-- 
'There has to be enough light,' he panted, 'to see the darkness.'



More information about the bind-users mailing list