mirror of
https://github.com/isc-projects/bind9.git
synced 2026-03-10 10:11:39 -04:00
63edc4435f
There are a couple of cases where the safety intervals are added inappropriately: 1. When setting the PublishCDS/SyncPublish timing metadata, we don't need to add the publish-safety value if we are calculating the time when the zone is completely signed for the first time. This value is for when the DNSKEY has been published and we add a safety interval before considering the DNSKEY omnipresent. 2. The retire-safety value should only be added to ZSK rollovers if there is an actual rollover happening, similar to adding the sign delay. 3. The retire-safety value should only be added to KSK rollovers if there is an actual rollover happening. We consider the new DS omnipresent a bit later, so that we are forced to keep the old DS a bit longer. |
||
|---|---|---|
| .. | ||
| check | ||
| confgen | ||
| delv | ||
| dig | ||
| dnssec | ||
| named | ||
| nsupdate | ||
| plugins | ||
| rndc | ||
| tests | ||
| tools | ||
| Makefile.am | ||