mirror of
https://github.com/isc-projects/bind9.git
synced 2026-06-23 19:38:56 -04:00
18dc27afd3
While kasp relies on key states to determine when a key needs to be published or be used for signing, the keytimes are used by operators to get some expectation of key publication and usage. Update the code such that these keytimes are set appropriately. That means: - Print "PublishCDS" and "DeleteCDS" times in the state files. - The keymgr sets the "Removed" and "PublishCDS" times and derives those from the dnssec-policy. - Tweak setting of the "Retired" time, when retiring keys, only update the time to now when the retire time is not yet set, or is in the future. This also fixes a bug in "keymgr_transition_time" where we may wait too long before zone signatrues become omnipresent or hidden. Not only can we skip waiting the sign delay Dsgn if there is no predecessor, we can also skip it if there is no successor. Finally, this commit moves setting the lifetime, reducing two calls to one. |
||
|---|---|---|
| .. | ||
| bind9 | ||
| dns | ||
| irs | ||
| isc | ||
| isccc | ||
| isccfg | ||
| ns | ||
| samples | ||
| win32/bindevt | ||
| .gitignore | ||
| Makefile.am | ||
| unit-test-driver.sh.in | ||