[Opendnssec-develop] How to handle TTL < SOA Minimum
matthijs at NLnetLabs.nl
Wed Jul 28 08:55:59 UTC 2010
-----BEGIN PGP SIGNED MESSAGE-----
Yesterday I read RFC 2308 again (didn't had that on top of my head), and
that actually deprecates the use of SOA MINIMUM as the floor TTL.
Also, the signer should use the lowest TTL of the RRset.
On 07/28/2010 07:59 AM, Jakob Schlyter wrote:
> On 23 jul 2010, at 10.42, Alex Dalitz wrote:
>>>> Now it comes, this is a TTL that is lower than the SOA MINIMUM. How
>>>> should we handle those TTLs? Must the signer use the explicit TTL or the
>>>> SOA MINIMUM in this case? I think so.
>>> I think so too.
>> To avoid any confusion : I think the SOA Minimum should be used in this case - NOT the explicit TTL.
> how does BIND handle this?
> I'm usually a believer in "garbage in, garbage out", so my gut feeling is that the signer should use the explicit TTL.
> Opendnssec-develop mailing list
> Opendnssec-develop at lists.opendnssec.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----
More information about the Opendnssec-develop