[Opendnssec-develop] Missing TTLs in zone files
Matthijs Mekking
matthijs at NLnetLabs.nl
Mon Oct 19 10:13:51 UTC 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> We had thought that maybe *all* of the RRs should take the default of
> the SOA Minimum? (i.e. the SOA RR, and all other RRs)
I looked it up and that seems to be the proper action, according to RFC
1034:
A key item in the SOA is the 86400 second minimum TTL, which means that
all authoritative data in the zone has at least that TTL, although
higher values may be explicitly specified.
Best regards,
Matthijs
Alexd at nominet.org.uk wrote:
> Hi -
>
> I have been sent a few zone files where the problem seems to be a
> missing TTL. No TTLs are defined in RRs, and the $TTL directive is missing.
>
> The signer seems to deal with this by assigning the SOA RR a TTL of 0,
> and assigning a TTL of 3600 (which is from the SOA Minimum field) to the
> remaining RRs.
>
> Is this the correct behaviour? Should the auditor also do this?
>
> We had thought that maybe *all* of the RRs should take the default of
> the SOA Minimum? (i.e. the SOA RR, and all other RRs)
>
> Thanks,
>
>
> Alex.
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Opendnssec-develop mailing list
> Opendnssec-develop at lists.opendnssec.org
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iQEcBAEBAgAGBQJK3DvUAAoJEA8yVCPsQCW5ZJQH/1nAtrnTM/Sq/6pZlvfOxMKO
gCND7FgoSmHsO2DU3fYNsR9xkXMNZUqesefSPJ19aQUPKcoHBaHOgW5E0SjYAEjQ
DPiZyuONGTdJQVESs2wAQPQ7ffr+8zud+zSf1GIE7mFiCsFXNqOY8yDOxFN+BSfB
8CBJ45q1fwsRswdmCUeutJUpW98vWkMSa8/VERN17I34viEby9J3A7STipZlAApf
7pf6kxcYHIBTfX1EXMYeEhXrahL0dhkKq/X1FOFlbyDV/pelcpTKgJRbjGOfVBW+
yxC0xRd5lyutNoHs0eCWovanbFfNKCk6n7OnKt49WUyobRtuS3Q6GjrDE8j22Yk=
=bZd6
-----END PGP SIGNATURE-----
More information about the Opendnssec-develop
mailing list