A recommended way to set up a ZSK rollover is to set the inactive date of the current key one month later than the publish date of the replacement key. This makes sense as the RRSIG records are created to last one month from their creation date. Now if I try to speed up the ZSK rollover to make the old ZSK inactive a few days after the replacement key is created (and make the replacement key active at that time), will Bind start makeing new RRSIG records at that time even though the current RRSIG records may have weeks to go.
Tom Schulz Applied Dynamics Intl. sch...@adi.com _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
