Discussion:
[Opendnssec-user] resign interval
Iván García
2018-01-12 08:28:04 UTC
Permalink
Hi all,

IÂŽm confused with Resign interval in kasp.xml:


<Signatures>
<Resign>PT6H</Resign>


In documentation:


- <Resign> is the re-sign interval, which is the interval between runs
of the Signer Engine


Should be the same as the Signer Engine? For example if i have a job that
is signing the zone every 3 hour... Resign should be 3H?


Thanks a lot,
Ivan Garcia Gonzalo.
Yuri Schaeffer
2018-01-12 08:44:46 UTC
Permalink
Hi Ivan,
* <Resign> is the re-sign interval, which is the interval between runs
of the Signer Engine
Should be the same as the Signer Engine? For example if i have a job
that is signing the zone every 3 hour... Resign should be 3H? 
Yes. The enforcer uses this value to compute how long it takes to sign
all records with a new key. It should be the same as the resign interval
of your signer.

//Yuri
Iván García
2018-01-12 09:32:25 UTC
Permalink
Thanks Yuri :)

I received any errors in nsec3 records... and i think that is because
Resign ( and Jitter too.. ) values are greater than Signer Engine.


Thanks!
Iván.
Post by Yuri Schaeffer
Hi Ivan,
* <Resign> is the re-sign interval, which is the interval between runs
of the Signer Engine
Should be the same as the Signer Engine? For example if i have a job
that is signing the zone every 3 hour... Resign should be 3H?
Yes. The enforcer uses this value to compute how long it takes to sign
all records with a new key. It should be the same as the resign interval
of your signer.
//Yuri
_______________________________________________
Opendnssec-user mailing list
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
Loading...