[Opendnssec-develop] Missing TTLs in zone files
Stephen.Morris at nominet.org.uk
Mon Oct 19 10:44:47 UTC 2009
Ray.Bellis at nominet.org.uk wrote on 19/10/2009 11:34:13:
> > Hi Ray,
> >
> > Where do modern implementations get their 'default TTL' value from
> > if the per record TTL and TTL directives are omitted?
>
> Damned good question. RFC 2308 appears to be silent on that issue,
> except to say:
>
> "Where a server does not require RRs to include the TTL value explicitly, it
> should provide a mechanism, ** not being the value of the MINIMUM field of the
> SOA record **, from which the missing TTL values are obtained." (my emphasis).
>
> Ray
Two options:
1) Add an entry in the policy configuration file to specify a default TTL.
(This fits in with the idea of "providing a mechanism from which the
missing TTL values are obtained".)
2) Flag it as an error. If a user is telling OpenDNSSEC to sign a zone
and hasn't specified a TTL, and OpenDNSSEC doesn't allow a default TTL to
be specified, how can the user expect to get anything other than a random
value?
Although my gut instinct is to go for (2), I think (1) might be more
acceptable, especially in the case of thousands of zones all being signed
using the same policy.
Stephen
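The TTL resolution the thread argues about, as an added example that is not OpenDNSSEC code: an explicit per-record TTL wins, then the most recent $TTL directive, then a policy default (option 1); with no policy default a record without any TTL is rejected (option 2), and the SOA MINIMUM is never used. It assumes a simplified one-record-per-line master file in which every record carries its owner name; the zone text is constructed.

```python
# Added example (not OpenDNSSEC code): TTL resolution for a master-file
# snippet following the two options in the thread. Precedence: explicit
# per-record TTL, then the most recent $TTL directive, then (option 1) a
# default TTL from the signing policy. Without a policy default (option 2)
# a record lacking any TTL is an error. SOA MINIMUM is never consulted.
from typing import List, Optional, Tuple

class MissingTTLError(ValueError):
    """No TTL source exists for a record and the policy gives no default."""

def resolve_ttls(zone_text: str, policy_default_ttl: Optional[int] = None
                 ) -> List[Tuple[str, int, str, str]]:
    """Return (owner, ttl, type, ttl_source) per one-line record ``owner [ttl] [IN] type rdata``."""
    directive_ttl: Optional[int] = None
    out: List[Tuple[str, int, str, str]] = []
    for lineno, raw in enumerate(zone_text.splitlines(), 1):
        tokens = raw.split(";", 1)[0].split()        # strip comments
        if not tokens:
            continue
        if tokens[0].upper() == "$TTL":              # RFC 2308 directive
            directive_ttl = int(tokens[1])
            continue
        owner, rest = tokens[0], tokens[1:]
        explicit: Optional[int] = None
        if rest and rest[0].isdigit():               # optional per-record TTL
            explicit = int(rest.pop(0))
        if rest and rest[0].upper() == "IN":         # optional class
            rest.pop(0)
        if not rest:
            raise ValueError(f"line {lineno}: missing RR type")
        rtype = rest[0].upper()
        if explicit is not None:
            out.append((owner, explicit, rtype, "record"))
        elif directive_ttl is not None:
            out.append((owner, directive_ttl, rtype, "$TTL"))
        elif policy_default_ttl is not None:         # option 1: policy default
            out.append((owner, policy_default_ttl, rtype, "policy"))
        else:                                        # option 2: flag an error
            raise MissingTTLError(
                f"line {lineno}: {owner} {rtype} has no TTL and no default")
    return out

# Constructed sample zone; the SOA MINIMUM (300) must not leak into any TTL.
SAMPLE_ZONE = """\
example.         IN SOA ns1.example. hostmaster.example. 1 3600 900 1209600 300
example.   86400 IN NS  ns1.example.
www.example.     IN A   192.0.2.1
$TTL 7200
mail.example.    IN A   192.0.2.2
"""
```

Running it with a policy default gives the SOA and the www A record the policy TTL, while the same input with no default fails on the first record.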