[Opendnssec-develop] Missing TTLs in zone files

Stephen.Morris at nominet.org.uk Stephen.Morris at nominet.org.uk
Mon Oct 19 10:44:47 UTC 2009

Ray.Bellis at nominet.org.uk wrote on 19/10/2009 11:34:13:

> > Hi Ray, 
> > 
> > Where do modern implementations get their 'default TTL' value from 
> > if the per record TTL and TTL directives are omitted? 
> Damned good question.  RFC 2308 appears to be silent on that issue, 
except to say: 
> "Where a server does not require RRs to include the TTL value 
explicitly, it 
> should provide a mechanism, ** not being the value of the MINIMUM field 
of the
> SOA record **, from which the missing TTL values are obtained." (my 
> Ray 

Two options:

1) Add an entry in the policy configuration file to specify a default TTL. 
(This fits in with the idea of "providing a mechanism from which the 
missing TTL values are obtained".)

2) Flag it as an error.  If a user is telling OpenDNSSEC to sign a zone 
and hasn't specified a TTL, and OpenDNSSEC doesn't allow a default TTL to 
be specified, how can the user expect to get anything other than a random 

Although my gut instinct is to go for (2), I think (1) might be more 
acceptable, especially in the case of thousands of zones all being signed 
using the same policy.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-develop/attachments/20091019/cb133b68/attachment.htm>

More information about the Opendnssec-develop mailing list