While investigating why a bind signer and an opendnssec signer ended up with a different SOA record from the same unsigned zone, I found that opendnssec modified the SOA's TTL.
It's behaviour is defined in the kasp.xml <SOA> section that provides the override, but does not seem to have an option "keep" (like it does for the serial) I would prefer to not have to hardcode a TTL value outside of the unsigned zone file. If this ever changes, someone will forget to update the kasp.xml to match the unsigned zonefile's SOA TTL value. Is there a reason why opendnssec wants to take over control of this value? Paul _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
