Fwd: [Opendnssec-develop] Re: [Opendnssec-user] how does auditor calculate delays?

Alex Dalitz AlexD at nominet.org.uk
Tue Jan 25 09:06:34 UTC 2011


Begin forwarded message:

From: Alex Dalitz <AlexD at nominet.org.uk<mailto:AlexD at nominet.org.uk>>
Date: 18 January 2011 09:27:52 GMT
To: Rickard Bellgrim <rickard.bellgrim at iis.se<mailto:rickard.bellgrim at iis.se>>
Cc: "opendnssec-develop at lists.opendnssec.org<mailto:opendnssec-develop at lists.opendnssec.org>" <opendnssec-develop at lists.opendnssec.org<mailto:opendnssec-develop at lists.opendnssec.org>>
Subject: [Opendnssec-develop] Re: [Opendnssec-user] how does auditor calculate delays?

Hi Rickard -

Why is the SOA ttl considered for the check? DNSKEY TTL I'd understand,
but SOA?

Yes, that sounds strange. The first ZSK should be pre-published according to this time:
Ipub = Dprp + min(TTLsoa, SOAmin)

The following ZSK:s should be pre-published using this time:
Ipub = Dprp + TTLkey

We will have a look at this.

>From the spec (  http://trac.opendnssec.org/wiki/Signer/AuditorRequirements  ) :

"Give an error if a key is seen in use without it having first been seen as prepublished for a time of at least the zone SOA TTL. [E]"

Should the specification be changed?


Opendnssec-develop mailing list
Opendnssec-develop at lists.opendnssec.org<mailto:Opendnssec-develop at lists.opendnssec.org>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-develop/attachments/20110125/31f7c86d/attachment.htm>

More information about the Opendnssec-develop mailing list