[Opendnssec-commits] [keihatsu.kirei.se/svn/dnssec] r3726 - trunk/OpenDNSSEC/auditor/lib

Alex Dalitz alexd at nominet.org.uk
Wed Aug 11 11:15:56 CEST 2010


Author: alex
Date: 2010-08-11 11:15:56 +0200 (Wed, 11 Aug 2010)
New Revision: 3726

Modified:
   trunk/OpenDNSSEC/auditor/lib/kasp_checker.rb
Log:
Removing check of DNSKEy and SOA TTL against SOA Minimum (Pivotal 4408234)

Modified: trunk/OpenDNSSEC/auditor/lib/kasp_checker.rb
===================================================================
--- trunk/OpenDNSSEC/auditor/lib/kasp_checker.rb	2010-08-11 08:59:05 UTC (rev 3725)
+++ trunk/OpenDNSSEC/auditor/lib/kasp_checker.rb	2010-08-11 09:15:56 UTC (rev 3726)
@@ -412,17 +412,6 @@
               }
             }
 
-            # 15. Error if DNSKEY TTL or SOA TTL is lower than SOA Minimum.
-            soa_minimum = get_duration(policy, 'Zone/SOA/Minimum', kasp_file)
-            key_ttl = ttl_secs
-            soa_ttl = get_duration(policy, 'Zone/SOA/TTL', kasp_file)
-            if (key_ttl < soa_minimum)
-              log(LOG_ERR, "DNSKEY TTL (#{key_ttl}) is lower than SOA Minimum (#{soa_minimum}) for #{name} policy")
-            end
-            if (soa_ttl < soa_minimum)
-              log(LOG_ERR, "SOA TTL (#{soa_ttl}) is lower than SOA Minimum (#{soa_minimum}) for #{name} policy")
-            end
-
             # Get the denial type (NSEC or NSEC3)
             denial_type = nil
             if (policy.elements['Denial/NSEC'])




More information about the Opendnssec-commits mailing list