[Opendnssec-develop] Re: [Opendnssec-user] how does auditor calculate delays?
Alex Dalitz
AlexD at nominet.org.uk
Tue Jan 18 09:27:52 UTC 2011
Hi Rickard -
>> Why is the SOA ttl considered for the check? DNSKEY TTL I'd understand,
>> but SOA?
>
> Yes, that sounds strange. The first ZSK should be pre-published according to this time:
> Ipub = Dprp + min(TTLsoa, SOAmin)
>
> The following ZSK:s should be pre-published using this time:
> Ipub = Dprp + TTLkey
>
> We will have a look at this.
>From the spec ( http://trac.opendnssec.org/wiki/Signer/AuditorRequirements ) :
"Give an error if a key is seen in use without it having first been seen as prepublished for a time of at least the zone SOA TTL. [E]"
Should the specification be changed?
Thanks,
Alex.
More information about the Opendnssec-develop
mailing list