3 Říj
2017
3 Říj
'17
4:54
André, how do you sign the zone? Is Knot DNS master or slave in your
configuration? Generally, the DNS server is agnostic to the contents of the
zone - whatever is there gets served.
Ondřej
On Mon, 2 Oct 2017, 17.35 André Keller, <ak(a)list.ak.cx> wrote:
Hi,
we have a DNSSEC enabled zone, for which knot serves RRSIGs with expire
date in the past (expired on Sept 13th) and signed by a no longer active
ZSK. The correct RRSIGs (uptodate and signed with the current ZSK) are
served as well, so the zone still works.
Is there a way to purge these outdated RRSIGs from the database?
Regards
André
_______________________________________________
knot-dns-users mailing list
knot-dns-users(a)lists.nic.cz
https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-dns-users
--
Ondřej Surý <ondrej(a)sury.org>