is this "normal" if not what to do about it?

John john at
Wed Jan 28 02:12:40 CET 2015

On 1/27/2015 5:42 PM, Viktor Dukhovni wrote:
> On Tue, Jan 27, 2015 at 05:30:26PM -0500, John wrote:
> However, if I look a little closer I see that my RRSIG has a life of about
> 30 days. I don't remember specifying any times when I signed my zones, plus
> I am now using inline signing.
> That's what I'm talking about.  The 30 day lifetime is likely a
> default if you don't override it.  It is likely best to leave it
> that way, unless you have stricter security requirements and the
> operational capability to work within a more narrow expiration
> window.
Darn you Mr Dukhovni, there I was drifting along in blissful ignorance, 
now you have made think ;) Now I have to investigate 
sig-validity-interval, ha well.

With inline signing, how much extra work do you think will/would be 

John Allen
An empty stomach is not a good political adviser.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4268 bytes
Desc: S/MIME Cryptographic Signature
URL: <>

More information about the dane-users mailing list