[Opendnssec-develop] TTL for signatures

Rick van Rein rick at openfortress.nl
Thu Aug 11 11:53:43 UTC 2011


Hey,

> I think we should go for the second option.

+1

> Apart from that, MaxZoneTTL
> might be a better name than just TTL.

+1


I am still confused about making the option mandatory though.

We're changing a hardcoded default into a configurable option,
and all of a sudden all users who upgrade OpenDNSSEC are then
"punished" by being forced into studying documentation while
new users will have a smooth ride because the config files contain
the default.  Rather than causing people to read docs, I'm pretty
sure that they'll just copy the mandatory new attribute from the
default configs, so they end up (as do the new users) with a setup
that works due to reasonable defaults, even if they don't fully
understand it.  Since it's been working for them all along with
a hardcoded setting, it seems strange to bother them now that we
decided to make it more flexible.

IMHO, making the attribute mandatory conflicts with the pushbutton
ideal, and it doesn't add any direct usefulness as far as I can tell.

Still, we discussed it yesterday, so I'm merely sharing my
confusion over what we concluded.  I'll leave it to others to
pick up on this if they agree with me.


Cheers,
 -Rick


