From: michal@isc.org
To: bind9-public@isc.org
Date: Wed, 11 Oct 2017 13:10:07 +0200
Subject: Automated trust anchor updates may be delayed due to cached RRsets

named ignores a DNSKEY RRset received in an RFC 5011 refresh response if there is a non-expired, validated version of that DNSKEY RRset available in the cache. In other words, any changes published on the authoritative servers for a given trust point (e.g. adding new keys, revoking ones already published) are not acted upon by named until the TTL of the relevant cache entry expires.
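
The effect described in the report, as a simplified timing model in Python (an added example, not part of the original message and not BIND code). The function names, key labels and sample timings are constructed; the refresh interval is the RFC 5011 active-refresh rule, and the model assumes the cache is filled only at t=0 and by refresh responses that are actually used.

```python
# Simplified timing model of the reported behaviour; not BIND code.
# Key labels, function names and sample timings are constructed for illustration.
HOUR, DAY = 3600, 86400
OLD, NEW = "KSK-old", "KSK-new"

def refresh_interval(orig_ttl, sig_validity):
    """RFC 5011 section 2.3: MAX(1 hr, MIN(15 days, OrigTTL/2, sig validity/2))."""
    return max(HOUR, min(15 * DAY, orig_ttl // 2, sig_validity // 2))

def authoritative_keys(t, published_at):
    """DNSKEY RRset served by the trust point's authoritative servers at time t."""
    return {OLD, NEW} if t >= published_at else {OLD}

def first_acted_on(published_at, ttl, sig_validity, prefer_cache, horizon=60 * DAY):
    """Time of the first refresh that sees NEW, or None within the horizon.

    prefer_cache=True models the report: a refresh response is ignored while a
    non-expired copy of the RRset is cached. Assumption: the cache is filled at
    t=0 and afterwards only by refresh responses that are actually used.
    """
    step = refresh_interval(ttl, sig_validity)
    cached, expires = authoritative_keys(0, published_at), ttl
    for t in range(step, horizon, step):
        response = authoritative_keys(t, published_at)
        if prefer_cache and t < expires:
            seen = cached                      # response dropped, stale keys used
        else:
            seen = response
            cached, expires = response, t + ttl
        if NEW in seen:
            return t
    return None

def delay(published_at, ttl, sig_validity):
    """Extra seconds before the new key is noticed because of the cached RRset."""
    return (first_acted_on(published_at, ttl, sig_validity, True)
            - first_acted_on(published_at, ttl, sig_validity, False))

if __name__ == "__main__":
    for ttl in (2 * DAY, 7 * DAY):
        d = delay(published_at=12 * HOUR, ttl=ttl, sig_validity=14 * DAY)
        print(f"TTL {ttl // DAY}d: new key noticed {d / DAY:.1f} days late")
```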