On Wed, 24 Jul 2013, Matthijs Mekking wrote:
At nameserver-side, giving non-zero TTL for NSEC3PARAM records
might be an workaround against this issue.
Unfortunately OpenDNSSEC decided to set zero-TTL
to NSEC3PARAM of signing zones [1].
[1] https://issues.opendnssec.org/browse/OPENDNSSEC-330
FYI: We are going back to default TTL in the upcoming patch versions for
OpenDNSSEC 1.3 and 1.4
Please make this a configurable option. It will otherwise cause issues
for people who run/compare a dual signer setup with bind.
Paul
_______________________________________________
Unbound-users mailing list
[email protected]
http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
