is this "normal" if not what to do about it?

John john at klam.ca
Tue Jan 27 05:25:58 CET 2015


On 1/26/2015 10:48 PM, Viktor Dukhovni wrote:
> On Mon, Jan 26, 2015 at 09:08:36PM -0500, John wrote:
>
>> There appear to be time differences between the records reported by DIG and
>> the source records on file.
> Dig does not and cannot report the activation and inactivation
> time, so it is hard to see how one might expect anything in dig
> output to agree with either time.
>
> RRsigs report the signature validity interval which should start
> some time after activation, and though generally will end before
> inactivation, may even end after inactivation, if the key inactivation
> time was set (as in Carsten's notes) sufficiently close to that date,
> that existing RRsigs may already be in place that outlive the key
> inactivation.
>
> The initial time of an RRsig will never be outside the (activation,
> inactivation) interval, but the final time may lie just beyond.
>
Thanks for the reassurance.  I was not sure whether there was a problem 
or not. Every test I ran indicated that there was no problem, but being 
new and nervous I thought I should ask.

-- 
John Allen
KLaM
------------------------------------------
Save the whales. Collect the whole set.
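
Added example, not part of the original message or either poster's own code: a check of the relationship described in the quoted reply, comparing an RRSIG's inception and expiration (as dig prints them) with a key's activation and inactivation times. It assumes the key timing is kept as BIND-style "; Activate:" / "; Inactive:" comments in the key file; the sample key, signatures, result labels and the skew parameter are constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

def ts(s):
    """Parse a DNSSEC YYYYMMDDHHMMSS timestamp as UTC."""
    return datetime.strptime(s, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)

def parse_rrsig(line):
    """Return (key_tag, inception, expiration) from an RRSIG line as dig prints it."""
    f = line.split()
    i = f.index("RRSIG")
    # RDATA order: covered alg labels orig-ttl expiration inception key-tag signer sig
    return int(f[i + 7]), ts(f[i + 6]), ts(f[i + 5])

def parse_key_timing(text):
    """Read '; Activate:' / '; Inactive:' comments (assumed BIND-style key file)."""
    found = re.findall(r"^;\s*(Activate|Inactive):\s*(\d{14})", text, re.M)
    return {name: ts(value) for name, value in found}

def check(rrsig_line, key_text, skew=timedelta(0)):
    """Classify one RRSIG against its key's timing metadata."""
    _tag, inception, expiration = parse_rrsig(rrsig_line)
    timing = parse_key_timing(key_text)
    activate, inactive = timing["Activate"], timing.get("Inactive")
    # Inception must fall inside the key's active window; `skew` tolerates
    # signers that backdate inception to absorb clock drift.
    if inception + skew < activate or (inactive and inception >= inactive):
        return "inception-outside-key-interval"
    # A signature made shortly before inactivation can outlive it: expected.
    if inactive and expiration > inactive:
        return "expires-after-inactivation"
    return "within-interval"

# Constructed sample data (not from the thread).
KEY = """\
; This is a zone-signing key, keyid 12345, for example.com.
; Activate: 20150105000000 (Mon Jan  5 00:00:00 2015)
; Inactive: 20150204000000 (Wed Feb  4 00:00:00 2015)
"""
SIG_NORMAL = "example.com. 3600 IN RRSIG A 8 2 3600 20150125120000 20150111120000 12345 example.com. c2ln"
SIG_OUTLIVES = "example.com. 3600 IN RRSIG A 8 2 3600 20150210120000 20150111120000 12345 example.com. c2ln"
SIG_EARLY = "example.com. 3600 IN RRSIG A 8 2 3600 20150203233000 20150104233000 12345 example.com. c2ln"

if __name__ == "__main__":
    for name, sig in [("normal", SIG_NORMAL), ("outlives", SIG_OUTLIVES), ("early", SIG_EARLY)]:
        print(name, check(sig, KEY))
```

Only "inception-outside-key-interval" calls for a closer look; "expires-after-inactivation" is the case the reply describes as possible and harmless.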



More information about the dane-users mailing list