Hello Nikolay, On May 20, 2013, at 16:39 , Nikolay Shaplov wrote:
> My powerdns in live-signed mode gives all DNSKEYs with TTLs 3600 and I did > not find any option that will change it. For test purposes I have changed > default-ttl to 3611 it affected all other records, but not DNSKEY. > > DNSKEY TTL value is important while rotating the keys, and I want not to > loose > control on it, but I even do not know where it is set :-) > > Is it hardcoded in C code? DNSKEYs (and also NSEC, NSEC3 and NSEC3PARAM records) get the SOA default/minimum TTL. This is the last field in a full SOA. For example: ns1.example.com. ahu.example.com. 2013051701 28800 7200 604800 86411 yields example.com. 86411 IN DNSKEY 257 3 8 AwEAAY/SfP... Kind regards, -- Peter van Dijk Netherlabs Computer Consulting BV - http://www.netherlabs.nl/ _______________________________________________ Pdns-users mailing list [email protected] http://mailman.powerdns.com/mailman/listinfo/pdns-users
