RFC5011 : 30days add-holddown timer

W.C.A. Wijngaards wouter at nlnetlabs.nl
Mon Aug 21 09:48:16 UTC 2017

Hi Daisuke HIGASHI,

Yes that is a bug, it should not be in ADDPEND but in VALID.  This was
caused by unbound checking the signature as well as the DS hash for the
installed keys.  I have patched this and a new version is released
(1.6.5) for this fix.

Best regards, Wouter

On 16/08/17 18:46, Daisuke HIGASHI via Unbound-users wrote:
> Hi,
>   In the moment unbound-anchor(8) creates root,key file that contains
> new KSK trust anchor as ADDPEND state. Does it take 30 days to update
> new key’s state to VALID ?
> (If so, new Unbound installation after 11 Sep (30days to the KSK roll)
> fail to update trusted sets until KSK roll?)
> Regards,

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20170821/ad8aaae2/attachment.bin>

More information about the Unbound-users mailing list