On 19.12.2013 14:07, Volker Janzen wrote:
<Parent>
<PropagationDelay>PT9999S</PropagationDelay>
<DS>
<TTL>PT3600S</TTL>
</DS>
<SOA>
<TTL>PT172800S</TTL>
<Minimum>PT10800S</Minimum>
</SOA>
</Parent>
And I think this does not match all TLD policies (found already DS
records that are valid for 86400 seconds at TLD level. I'll now check
the TLDs I want to use and use the maximum TTL for the specified values.
In this case I'm able to just check for the DS to be found, call
ds-seen and that should be enough to do
9999 seconds are IMO a bit low - if a name server of the parent zone is
~3 hours behind, validation may fail. I think 3 hours of "out-ofsync"
may happen also for TLDs.
Unfortunately I do not know how the parents SOA TTL+Minimum influences
the rollover. Maybe someone can enlighten us.
regards
Klaus
_______________________________________________
Opendnssec-user mailing list
[email protected]
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
