[Unbound-users] Expired RRSIGs, yet still "AD" flag set
Stephane Bortzmeyer
bortzmeyer at nic.fr
Wed Mar 30 12:44:13 UTC 2011
On Wed, Mar 30, 2011 at 01:54:44PM +0200,
Hauke Lampe <lampe at hauke-lampe.de> wrote
a message of 57 lines which said:
> I have a case here where RRSIGs expired, yet Unbound still sets the
> "AD" flag in responses.
What is your value of val-sig-skew-min and val-sig-skew-max? By
default, Unbound allows expired signatures for 10 % of their validity
period.
More information about the Unbound-users
mailing list