On Thu, Oct 03, 2019 at 01:55:04PM -0400, Viktor Dukhovni wrote:
> Probably NTAs based on such data should have a much shorter shelf-life
> than two years, and require some explicit re-confirmation.

You are probably aware that RFC 7646 recommends that NTAs should not
have a lifetime of more than 1 week.

Implementations differ in performing validation tests during NTA
lifetime, and caching entries past NTA removal vs. what's in the RFC.

It is advisable to perform SOA validation as recommended by the RFC
periodically during the lifetime of the NTA.

Mukund
_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
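
The NTA handling discussed in the message above, sketched as an added example (not part of the original post and not any resolver's actual code): requested lifetimes are clamped to one week, the zone's SOA is re-tested periodically, and the NTA is dropped as soon as validation succeeds. The `soa_validates` callback, the 5-minute recheck interval and the zone names are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

MAX_LIFETIME = 7 * 24 * 3600   # one-week ceiling recommended by RFC 7646
RECHECK_INTERVAL = 300         # assumed policy value: re-test every 5 minutes

@dataclass
class Nta:
    expires: float      # hard expiry, never more than MAX_LIFETIME after creation
    next_check: float   # when the zone's SOA is next re-validated

def _norm(name: str) -> str:
    return name.rstrip(".").lower()

class NtaStore:
    def __init__(self, soa_validates: Callable[[str], bool]):
        # soa_validates(zone) is a hypothetical hook: True when a DNSSEC-validated
        # SOA lookup for the zone succeeds again.
        self.soa_validates = soa_validates
        self.entries: Dict[str, Nta] = {}

    def add(self, zone: str, lifetime: float, now: float) -> float:
        """Install an NTA; the requested lifetime is clamped to one week."""
        lifetime = min(lifetime, MAX_LIFETIME)
        self.entries[_norm(zone)] = Nta(now + lifetime, now + RECHECK_INTERVAL)
        return now + lifetime

    def tick(self, now: float) -> List[Tuple[str, str]]:
        """Expire old NTAs and drop any whose zone validates again."""
        removed = []
        for zone, nta in list(self.entries.items()):
            if now >= nta.expires:
                removed.append((zone, "expired"))
            elif now >= nta.next_check:
                if self.soa_validates(zone):
                    removed.append((zone, "validates-again"))
                else:
                    nta.next_check = now + RECHECK_INTERVAL
        for zone, _ in removed:
            del self.entries[zone]
        return removed

    def covered(self, qname: str, now: float) -> bool:
        """True if qname is at or below a live NTA; expiry is checked at lookup
        time so a stale entry is never honoured past its lifetime."""
        labels = _norm(qname).split(".")
        for i in range(len(labels)):
            nta = self.entries.get(".".join(labels[i:]))
            if nta and now < nta.expires:
                return True
        return False
```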