Uploaded image for project: 'OpenDNSSEC'
  1. OpenDNSSEC
  2. OPENDNSSEC-907

quicker roll on RefreshInterval==0

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: future
    • Component/s: Enforcer
    • Labels:
      None

      Description

      Reported on the userlist by Emil Natan. When refreshInterval is 0 the signer will not do a smooth transition but will generate all signatures every time. In this case the validity of the signatures need not be taken in to account and rollovers can be quicker.

      Proposal:

      if (keystate->type == DBW_RRSIG
      && getstate(key, DBW_DNSKEY)->state == OMNIPRESENT
      && ((next_state == OMNIPRESENT && zsk_out)

      (next_state == HIDDEN && zsk_in)))
      {
      returntime_keystate = addtime(returntime_keystate,
      policy->signatures_jitter
      IF SIGNATURES_RESIGN != 0
      + max(policy->signatures_validity_default,
      policy->signatures_validity_denial)
      END
      + policy->signatures_resign
      • policy->signatures_refresh);
        }

        Attachments

          Activity

            People

            Assignee:
            yuri Yuri Schaeffer
            Reporter:
            yuri Yuri Schaeffer
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated: