[Opendnssec-develop] Missing TTLs in zone files

Matthijs Mekking matthijs at NLnetLabs.nl
Mon Oct 19 13:37:12 UTC 2009



I agree with this also, with two minor comments (see below) and if no
objections, I will modify the signer to act this way.

So the preference order is:
1. if type is SOA: SOA TTL from the xml configuration
2. explicit TTL
3. $TTL directive
4. SOA Minimum from the xml configuration
5. SOA Minimum from the unsigned zone file

Matthijs

Jakob Schlyter wrote:
> On 19 okt 2009, at 15.12, Roy Arends wrote:
> 
>> No I don't. It seems it is _implemented_ this way, grew organically
>> the way it is, and now we're defending the 'choice' for these defaults.
>>
>> I suggest: In absence of an explicit TTL and a $TTL directive, the SOA
>> Minimum from the policy is used (Zone/SOA/TTL).

Zone/SOA/TTL -> SOA/Minimum from the signer configuration (which should
match the Zone/SOA/Minimum from kasp.xml)

>> If the SOA Minimum is not defined in the policy, then use the zone's
>> SOA Minimum field value.
> 
> I agree.
> 
>> Furthermore, make the policy statement (Zone/SOA/TTL) optional.
> 
> +1
> 
> 
>     jakob
> 

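The preference order listed in the message above, as an added example that is not part of the thread and not the OpenDNSSEC signer's code. The function names, the `cfg` keys `soa_ttl` and `soa_minimum`, and the sample zone are constructed for illustration; it assumes one record per line, an owner on every line and TTLs in plain seconds.

```python
# Added example: hypothetical helper names, not OpenDNSSEC signer code.
CLASSES = {"IN", "CH", "HS"}

# Constructed sample zone: ns1 precedes the $TTL directive, mail has an explicit TTL.
SAMPLE_ZONE = """\
example.com. IN SOA ns1.example.com. host.example.com. 1 7200 3600 1209600 900
ns1 A 192.0.2.53
$TTL 300
www A 192.0.2.1
mail 60 IN A 192.0.2.25
"""

def parse_zone(text):
    """Return (records, zone_soa_minimum); each record notes the $TTL in effect."""
    records, directive, zone_min = [], None, None
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()   # drop comments (simplified)
        if not fields:
            continue
        if fields[0].upper() == "$TTL":
            directive = int(fields[1])          # applies to later records only
            continue
        owner, rest, explicit = fields[0], fields[1:], None
        # TTL and class are both optional and may appear in either order.
        while rest and (rest[0].isdigit() or rest[0].upper() in CLASSES):
            if rest[0].isdigit():
                explicit = int(rest[0])
            rest = rest[1:]
        rtype, rdata = rest[0].upper(), rest[1:]
        if rtype == "SOA":
            zone_min = int(rdata[-1])           # last SOA field is Minimum
        records.append({"owner": owner, "type": rtype,
                        "explicit": explicit, "directive": directive})
    return records, zone_min

def resolve_ttl(rec, zone_min, cfg):
    """Apply the five-step preference order; unset sources are None."""
    candidates = [
        cfg.get("soa_ttl") if rec["type"] == "SOA" else None,  # 1. config SOA TTL
        rec["explicit"],                                       # 2. explicit TTL
        rec["directive"],                                      # 3. $TTL directive
        cfg.get("soa_minimum"),                                # 4. config SOA Minimum
        zone_min,                                              # 5. zone file SOA Minimum
    ]
    for ttl in candidates:
        if ttl is not None:
            return ttl
    raise ValueError(f"no TTL source for {rec['owner']} {rec['type']}")

def ttl_table(text, cfg):
    records, zone_min = parse_zone(text)
    return [(r["owner"], r["type"], resolve_ttl(r, zone_min, cfg)) for r in records]
```

With an empty `cfg`, the SOA and `ns1` records fall through to step 5 and take the Minimum of the unsigned zone's SOA.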


