Next: serial-policy, Previous: dnssec-enable, Up: zones Statement Definition and Grammar [Contents][Index]
Specifies how long should the automatically generated DNSSEC signatures be valid.
Expiration will thus be set as current time (in the moment of signing)
+ signature-lifetime
.
Possible values are from 10801 to INT_MAX. The signatures are refreshed one
tenth of the signature lifetime before the signature expiration (i.e., 3 days
before the expiration with the default value). For information about zone
expiration date, invoke the
knotc zonestatus
command.
Default value: 30d (2592000)