To:
edlewis@arin.net (Edward Lewis)
Cc:
bmanning@isi.edu, edlewis@arin.net, dnssec@cafax.se
From:
Bill Manning <bmanning@isi.edu>
Date:
Tue, 15 Oct 2002 10:51:52 -0700 (PDT)
In-Reply-To:
<a05111b22b9d202355c0b@[192.149.252.227]> from Edward Lewis at "Oct 15, 2 01:45:13 pm"
Sender:
owner-dnssec@cafax.se
Subject:
Re: troubleshooting...
% > the sig validity periods are different, then I want to be % > able to use that to troubleshoot. The fix is to correct % > the problem (increment the serial) and resign. Would like % > to verify that these steps are the appropriate in identifing % > this particular problem. % % This is part of where I think DNSSEC hasn't been simplified enough % just yet. E.g., when I'm running a registry zone (new term, meaning % a zone a'la 192.in-addr.arpa or .nl) I will constantly be resigning % it just because of the new key sets being streamed in. The gotcha is % that I still need to 'vi' the file to alter that stinkin' serial % number even though I'm not altering the original zone file - and % that's just counter-intuitive. Grumble. I'm going to go over there % and sit on that rock for a a while and sulk. bingbingbing... before we bolt a "no user serviceable parts inside" plate on the secured DNS, you might want to take away my need for the 'vi' monkeywrench. % Edward Lewis +1-703-227-9854 -- --bill