test that expired signatures are rejected #61

japaric · 2024-05-15T10:06:29Z

all these cases

RRSIG.inception > RRSIG.expiration
RRSIG.inception > current_time
current_time > RRSIG.expiration

this is probably easiest to test with a +adflag SOA . query as that does not involve chain of trust validation. see can_validate_without_delegation

The text was updated successfully, but these errors were encountered:

japaric added the dnssec Conformance to DNSSEC RFCs label May 15, 2024

japaric mentioned this issue May 15, 2024

DnssecDnsHandle: check RRSIG validity as per RFC4035 hickory-dns/hickory-dns#2213

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

test that expired signatures are rejected #61

test that expired signatures are rejected #61

japaric commented May 15, 2024

test that expired signatures are rejected #61

test that expired signatures are rejected #61

Comments

japaric commented May 15, 2024