Skip to content
Snippets Groups Projects
Commit 998268c9 authored by Libor Peltan's avatar Libor Peltan Committed by Daniel Salzman
Browse files

dnssec: rrsig-refresh: warn if too low

parent 9d7a56a6
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
src/knot/dnssec/zone-events.c
+ 4
0
View file @ 998268c9
......@@ -188,6 +188,10 @@ int knot_dnssec_zone_sign(zone_update_t *update,
goto done;
}
if (ctx.policy->rrsig_refresh_before < ctx.policy->zone_maximal_ttl + ctx.policy->propagation_delay) {
log_zone_warning(zone_name, "DNSSEC, rrsig-refresh too low to prevent expired RRSIGs in resolver caches");
}
result = load_zone_keys(&ctx, &keyset, true);
if (result != KNOT_EOK) {
log_zone_error(zone_name, "DNSSEC, failed to load keys (%s)",
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment