Fwd: Question about "max-zone-ttl" in dnssec-policy

2021-09-22 Thread Matthijs Mekking
Apologies, it appears that I sent this reply to Tom directly.

Forwarded Message

Hi Tom, That seems to be a copy paste error yes. Thanks for catching, will fix. There is another max-zone-ttl option that is used to cap TTLs of records added via dynamic updates. Best regards,

Re: Question about "max-zone-ttl" in dnssec-policy

2021-09-21 Thread Evan Hunt
On Tue, Sep 21, 2021 at 03:11:30PM +0200, Tom wrote:
> The documentation says, that "any record encountered with a TTL higher
> than max-zone-ttl is capped at the maximum permissible TTL value".
>
> Is the documentation wrong here?

It does appear to be wrong, yes. It also differs from the

Re: Question about "max-zone-ttl" in dnssec-policy

2021-09-21 Thread Tom
Hi Matthijs, Thank you for your explanation. The documentation says that "any record encountered with a TTL higher than max-zone-ttl is capped at the maximum permissible TTL value". Is the documentation wrong here? Thank you. Kind regards, Tom On 21.09.21 09:47, Matthijs Mekking wrote:

Re: Question about "max-zone-ttl" in dnssec-policy

2021-09-21 Thread Matthijs Mekking
Hi Tom, The max-zone-ttl is there to calculate the right timings for key rollovers. It won't alter the zone TTL values. You should set the max-zone-ttl to whatever the highest TTL is in your zone to make sure key rollover timings are correct. This value exists until we have added code to

Question about "max-zone-ttl" in dnssec-policy

2021-09-20 Thread Tom
Hi list, Testing dnssec-policy with BIND-9.16.21: I'd like to better understand the "max-zone-ttl" directive. So I defined "max-zone-ttl 3600s;" within the dnssec-policy options, but when I configure the default zone TTL or even a resource record TTL higher than the "max-zone-ttl" (for