Hi As I'm making my way through the docs and cooking up a policy for my domains, I have a few questions. I've migrated my cajones.org test domain from GANDI.net to GKG.net, so now I can add DS records. Has anyone else used this registrar before? Are they any good?
Anyway, I couldn't find any information about GKG's DNSSEC policies,
so I'm still a bit in the dark about the TTLs...
The default policy lists this:
<Parent>
<PropagationDelay>PT9999S</PropagationDelay>
<DS>
<TTL>PT3600S</TTL>
</DS>
<SOA>
<TTL>PT172800S</TTL>
<Minimum>PT10800S</Minimum>
</SOA>
</Parent>
I concluded that I should use 3600 for the TTL.
The GKG.net site has a much higher default: 3456000, which is 40 days,
see attached screendump.
I filled in 3600 and waited, but now the DS shows up with 86400 in .org:
[visser@cajones ~]$ dig @a0.org.afilias-nst.info. cajones.org ds
; <<>> DiG 9.7.0-P1 <<>> @a0.org.afilias-nst.info. cajones.org ds
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38029
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;cajones.org. IN DS
;; ANSWER SECTION:
cajones.org. 86400 IN DS 64517 8 2
8EC95A8D32F7D40CF253C8FB016285B9FEAA76DCFEBDBC4D825E511A 3E884849
;; Query time: 307 msec
;; SERVER: 2001:500:e::1#53(2001:500:e::1)
;; WHEN: Sat Mar 3 10:09:59 2012
;; MSG SIZE rcvd: 77
Any ideas what might be going on here?
Could it be that GKG has a default of 40 days, and will override
anything lower than 1 day to 1 day?
Thanks!!
--
Dick Visser
System & Networking Engineer
TERENA Secretariat
Singel 468 D, 1017 AW Amsterdam
The Netherlands
<<attachment: gkgnetds1.PNG>>
_______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
