Hi Dick, On 03/03/12 10:43, Dick Visser wrote: > I see that in kasp.xml a couple of values from the input zone are overridden. > For TTL and Minimum of the SOA record, I want these to be just the > same as my input zone, but AFAIK there is no way to do this, other > than manually filling in the same value.
The reason for this manual work is in the design of OpenDNSSEC. The enforcer deals with concepts of keys and policies while the signer does actual work on the data. Therefore it is decided that the enforcer does not need or care about the data (your zonefiles). This is unfortunately not entirely true. To make decisions about the speed and order of events the enforcer needs to know these values. > The Serial value has an option "keep" which keeps whatever is in the input > zone. > Would it be an idea to have this option also for TTL and Minimum? The signer is the only part parsing the zone file right now. Supporting this is not trivial. Regards, Yuri > If such an option would exists, it should be a sane default as well, > so it would make sense to have the default policy configured like that > too... -- Yuri Schaeffer NLnet Labs http://www.nlnetlabs.nl _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
