Re: DNSSEC and automatic renewal of RRSIG-expiration-time

2018-05-03 Thread Tony Finch
Tom wrote:
> Does the "inline-signing"-mechanism also automatically renew the
> expiration-time of the RRSIGs?

Yes.

> If so: When or in which interval does BIND verify the expiration-times
> of the RRSIGs and renew them?

The documentation for sig-validity-interval says renewal time is 1/4 of t

DNSSEC and automatic renewal of RRSIG-expiration-time

2018-05-03 Thread Tom
Hi list

Using latest BIND (9.12.1) with DNSSEC and inline-signing enabled. SIG-VALIDITY-INTERVAL is set to 1 day (for testing). Look at the following RRSIG:

test01.example.com. 300 IN RRSIG A 8 3 300 ( 20180504060124 20180503052321 1 test01.example.com. rUch7bFR18Nmaeu+gqS29fG8oTPQm1SIBe9