is this "normal" if not what to do about it?
Viktor Dukhovni
ietf-dane at dukhovni.org
Tue Jan 27 04:48:01 CET 2015
On Mon, Jan 26, 2015 at 09:08:36PM -0500, John wrote:
> There appear to be time differences between the records reported by DIG and
> the source records on file.
Dig does not and cannot report the activation and inactivation
time, so it is hard to see how one might expect anything in dig
output to agree with either time.
RRsigs report the signature validity interval which should start
some time after activation, and though generally will end before
inactivation, may even end after inactivation, if the key inactivation
time was set (as in Carsten's notes) sufficiently close to that date,
that existing RRsigs may already be in place that outlive the key
inactivation.
The initial time of an RRsig will never be outside (activation,
inactivation) interval, but the final time may lie just beyond.
--
Viktor.
More information about the dane-users
mailing list