OHAI GUISE! I'm about to put OpenDNSSEC in a production environment and was about finalising the policy configuration. I have always wondered how to correctly configure the <Parent>-section in the KASP.
Where do i get those timings from exactly? It seems this information is not widespread or easily available. Can i just derive them from DNS queries? For example, for SIDN's .nl ccTLD i would derive from DNS: <PropagationDelay>: PT7200S <DS><TTL>: PT7200S <SOA><TTL>: PT7200S <SOA><Minimum>: PT900S Is it safe to make these assumptions? Sticking with the defaults seems safe but also seems to 'delay' the DNSSEC process unnescessarily. ;) HALP! -Sndr. -- | If you jump off a Paris bridge, you are in Seine. | 4096R/20CC6CD2 - 6D40 1A20 B9AA 87D4 84C7 FBD6 F3A9 9442 20CC 6CD2 _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
