• Jan Včelák's avatar
    DNSSEC: refresh signatures earlier · 704e2bff
    Jan Včelák authored
    The signatures are now refreshed (signature_lifetime / 10) seconds
    before their expiration. The default signature lifetime is 30 days,
    therefore the signatures are refreshed 3 days before their expiration.
    The parameter 'expires_at' in signing functions was renamed to 'refresh_at',
    as the name was misleading.
    The signing policy structure was cleaned and helper functions were added.
    DNSSEC event logging was changed from relative to absolute value, because
    the intervals are much longer now.
Knot.files 6.68 KB