Hi all, This isn't probably the very right forum for this question, but as I know that there are some TLDs using OpenDNSSEC, this might be of a common interest.
I just began wondering the actual TTL of the DS records in the root zone versus the documented TTL. Different documents (e.g. [1,2]) state that the DS TTL in the root zone would be 24 hours, but the reality shows that the TTL is actually 48 hours. I don't know if this is a great issue or am I perhaps missing something, but hopefully different TLDs using OpenDNSSEC have taken this into account with their KASP config (at least if they rely on OpenDNSSEC timings when rolling KSK). [1] https://www.iana.org/dnssec/icann-dps.txt [2] http://www.root-dnssec.org/wp-content/uploads/2010/06/vrsn-dps-00.txt Antti _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
