author | Lubos Slovak <lubos.slovak@nic.cz> | 2013-12-09 13:21:36 +0100 |
---|---|---|
committer | Lubos Slovak <lubos.slovak@nic.cz> | 2013-12-09 13:21:36 +0100 |
commit | c9fd975ee01a2afebc60d40df26f823525380b04 (patch) | |
tree | 04883e95cb26d3cc1251a4c22baaf91233e0bed7 /samples | |
parent | zone-dump: move nsec chain to the end (diff) | |
Modified lower limit of signature lifetime.
Set to 10800s (see reasoning in issue #155).
refs #155
Diffstat (limited to 'samples')
-rw-r--r-- | samples/knot.full.conf | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/samples/knot.full.conf b/samples/knot.full.conf
index e7f7b5bfc..c334b975f 100644
--- a/samples/knot.full.conf
+++ b/samples/knot.full.conf
@@ -260,12 +260,13 @@ zones {
 # dnssec-keydir "keys";
 # Validity period for DNSSEC signatures
- # Possible values: (7200..INT_MAX> (seconds)
+ # Possible values: <10801..INT_MAX> (seconds)
 # Default value: 30d (30 days or 2592000 seconds)
 # It is also possible to suffix with unit size [s/m/h/d]
 # f.e. 1s = 1 day, 1m = 1 minute, 1h = 1 hour, 1d = 1 day
 # The lower limit is because the server will trigger resign when any of the
- # signatures expires in less than 7200 seconds.
+ # signatures expires in less than 7200 seconds and it was chosen as a
+ # reasonable value with regard to signing overhead.
 # signature-lifetime 30d;
 # Zone entry
@@ -322,12 +323,13 @@ zones {
 # dnssec-enable on;
 # Validity period for DNSSEC signatures
- # Possible values: (7200..INT_MAX> (seconds)
+ # Possible values: <10801..INT_MAX> (seconds)
 # Default value: 30d (30 days or 2592000 seconds)
 # It is also possible to suffix with unit size [s/m/h/d]
 # f.e. 1s = 1 day, 1m = 1 minute, 1h = 1 hour, 1d = 1 day
 # The lower limit is because the server will trigger resign when any of the
- # signatures expires in 7200 seconds or less.
+ # signatures expires in 7200 seconds or less and it was chosen as a
+ # reasonable value with regard to signing overhead.
 # signature-lifetime 30d;
 # XFR master server |
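Review bot: The reworded rationale in both hunks still cites only the 7200-second resign threshold, so a reader cannot tell why the accepted minimum is now 10801 rather than anything above 7200, and the added clause `it was chosen as a reasonable value` has no clear referent. A signature-lifetime close to the resign threshold presumably means a signature is due for re-signing almost as soon as it is issued, so the comment should state that relationship; if that matches the reasoning in issue #155, something like `# Values must exceed 10800 s, i.e. the 7200 s resign threshold plus a margin that keeps signing overhead reasonable.` would do. The two hunks also disagree on the boundary: the first says `less than 7200 seconds`, the second (`@@ -322,12 +323,13 @@`) says `7200 seconds or less`; both should use whichever comparison the server actually implements. The unchanged context line `1s = 1 day` looks like a typo for one second and could be corrected in the same pass.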