Hi Stephane,
On 10/16/2009 09:28 AM, Stephane Bortzmeyer wrote:
> keltia.net is signed, is in DLV an the signatures are expired since yesterday.
>
> Yet, Unbound 1.3.2 accepts it and flags it as authentic:
24 hour signature skew, default allowed to allow for time-zone
misconfigurations. Config val-sig-skew-min and val-sig-skew-max.
Unbound allows a skew of max10% of the signature TTL, that value
must be between 1 hour and 24 hours (see config items to change).
Best regards,
Wouter