is this "normal" if not what to do about it?

John john at
Tue Jan 27 05:25:58 CET 2015

On 1/26/2015 10:48 PM, Viktor Dukhovni wrote:
> On Mon, Jan 26, 2015 at 09:08:36PM -0500, John wrote:
>> There appear to be time differences between the records reported by DIG and
>> the source records on file.
> Dig does not and cannot report the activation and inactivation
> time, so it is hard to see how one might expect anything in dig
> output to agree with either time.
> RRsigs report the signature validity interval which should start
> some time after activation, and though generally will end before
> inactivation, may even end after inactivation, if the key inactivation
> time was set (as in Carsten's notes) sufficiently close to that date,
> that existing RRsigs may already be in place that outlive the key
> inactivation.
> The initial time of an RRsig will never be outside (activation,
> inactivation) interval, but the final time may lie just beyond.
Thanks for the reassurance.  I was not sure whether there was a problem 
or not. Every test I ran indicated that there was no problem, but being 
new and nervous I thought I should ask.

John Allen
Save the whales. Collect the whole set.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4268 bytes
Desc: S/MIME Cryptographic Signature
URL: <>

More information about the dane-users mailing list