On 13 jan 2011, at 13.41, Gilles Massen wrote: > Why is the SOA ttl considered for the check? DNSKEY TTL I'd understand, > but SOA?
Yes, that sounds strange. The first ZSK should be pre-published according to this time: Ipub = Dprp + min(TTLsoa, SOAmin) The following ZSK:s should be pre-published using this time: Ipub = Dprp + TTLkey We will have a look at this. > As a certainly unwanted sideeffect, the auditor (or the calling process) > didn't like that situation at all, as the auditor started to go over the > affected zones over and over again (restarting immediately after each run). The signer have a back off mechanism for doing re-tries. 1 minute, 2 minutes, 4 minutes.... // Rickard _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
