Commits (4)
-
Witold Krecicki authored
When doing regular signing expiry time is jittered to make sure that the re-signing times are not clumped together. This expands this behaviour to expiry times of dynamically added records. When incrementally re-signing a zone use the full jitter range if the server appears to have been offline for greater than 5 minutes otherwise use a small jitter range of 3600 seconds. This will stop the signatures becoming more clustered if the server has been off line for a significant period of time (> 5 minutes). Manually edits: resolve conflicts, replace isc_random_uniform with isc_random_jitter. (cherry picked from commit 6b2fd402)
d3477086 -
Matthijs Mekking authored
Test jitter distribution in NSEC3 dynamic zone and for a zone that has old signatures. In both cases the generated signatures should be spread nicely. (cherry picked from commit 540b90fd)
eea53c91 -
Ondřej Surý authored1d176205
-
Matthijs Mekking authorede44a9020
Showing