RFC5011 : 30days add-holddown timer
W.C.A. Wijngaards
wouter at nlnetlabs.nl
Mon Aug 21 09:48:16 UTC 2017
Hi Daisuke HIGASHI,
Yes that is a bug, it should not be in ADDPEND but in VALID. This was
caused by unbound checking the signature as well as the DS hash for the
installed keys. I have patched this and a new version is released
(1.6.5) for this fix.
Best regards, Wouter
On 16/08/17 18:46, Daisuke HIGASHI via Unbound-users wrote:
> Hi,
>
> In the moment unbound-anchor(8) creates root,key file that contains
> new KSK trust anchor as ADDPEND state. Does it take 30 days to update
> new key’s state to VALID ?
>
> (If so, new Unbound installation after 11 Sep (30days to the KSK roll)
> fail to update trusted sets until KSK roll?)
>
> Regards,
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20170821/ad8aaae2/attachment.bin>
More information about the Unbound-users
mailing list