[Opendnssec-develop] How to handle TTL < SOA Minimum

Matthijs Mekking matthijs at NLnetLabs.nl
Wed Jul 28 08:55:59 UTC 2010


Yesterday I read RFC 2308 again (didn't have that on top of my head), and
that actually deprecates the use of SOA MINIMUM as the floor TTL.

Also, the signer should use the lowest TTL of the RRset.

Matthijs

On 07/28/2010 07:59 AM, Jakob Schlyter wrote:
> On 23 jul 2010, at 10.42, Alex Dalitz wrote:
> 
>>>>
>>>> Now it comes, this is a TTL that is lower than the SOA MINIMUM. How
>>>> should we handle those TTLs? Must the signer use the explicit TTL or the
>>>> SOA MINIMUM in this case? I think so.
>>>
>>> I think so too.
>>
>> To avoid any confusion: I think the SOA Minimum should be used in this case - NOT the explicit TTL.
> 
> How does BIND handle this?
> 
> I'm usually a believer in "garbage in, garbage out", so my gut feeling is that the signer should use the explicit TTL.
> 
> 	jakob