RFC5011 : 30days add-holddown timer
wouter at nlnetlabs.nl
Mon Aug 21 09:48:16 UTC 2017
Hi Daisuke HIGASHI,
Yes that is a bug, it should not be in ADDPEND but in VALID. This was
caused by unbound checking the signature as well as the DS hash for the
installed keys. I have patched this and a new version is released
(1.6.5) for this fix.
Best regards, Wouter
On 16/08/17 18:46, Daisuke HIGASHI via Unbound-users wrote:
> In the moment unbound-anchor(8) creates root,key file that contains
> new KSK trust anchor as ADDPEND state. Does it take 30 days to update
> new key’s state to VALID ?
> (If so, new Unbound installation after 11 Sep (30days to the KSK roll)
> fail to update trusted sets until KSK roll?)
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: OpenPGP digital signature
More information about the Unbound-users