[Opendnssec-develop] TTL of NSEC3PARAM record?
Roy Arends
roy at nominet.org.uk
Tue Aug 3 09:11:57 UTC 2010
On Aug 3, 2010, at 10:05 AM, Marco Davids (SIDN) wrote:
> (re-post from opendnssec-users list - sorry for the duplicates)
>
> Hi,
>
> Can anyone tell me if and how I can influence the TTL of the NSEC3PARAM
> record?
>
> OpenDNSSEC sets it to 3600 seconds. Why? Is this an LDNS default
> perhaps? If this cannot be changed, would it be an idea to make in
> configurable?
Marco, I do not know if this is configurable or not, but I do have some insights on the purpose of this record.
This record is there to indicate to other authoritative nameservers what parameters it should use to find the appropriate NSEC3 records to build a response. The NSEC3-param record has no utility in resolvers, validators, caches, etc. Hence, the TTL can be an arbitrary value that should not have an impact in processing.
Hope this helps.
Apologies for not been able to directly answer the question.
Roy
More information about the Opendnssec-develop
mailing list