1947. [func] It is now possible to configure named to accept
expired RRSIGs. Default "dnssec-accept-expired no;". Setting "dnssec-accept-expired yes;" leaves named vulnerable to replay attacks. [RT #14685]
Please register or sign in to comment
expired RRSIGs. Default "dnssec-accept-expired no;". Setting "dnssec-accept-expired yes;" leaves named vulnerable to replay attacks. [RT #14685]