[Opendnssec-develop] Re: [Opendnssec-user] how does auditor calculate delays?

Rickard Bellgrim rickard.bellgrim at iis.se
Wed Jan 26 10:14:00 UTC 2011

On 18 jan 2011, at 10.27, Alex Dalitz wrote:

> Hi Rickard -
>>> Why is the SOA ttl considered for the check? DNSKEY TTL I'd understand,
>>> but SOA?
>> Yes, that sounds strange. The first ZSK should be pre-published according to this time:
>> Ipub = Dprp + min(TTLsoa, SOAmin)
>> The following ZSK:s should be pre-published using this time:
>> Ipub = Dprp + TTLkey
>> We will have a look at this.
> From the spec (  http://trac.opendnssec.org/wiki/Signer/AuditorRequirements  ) :
> "Give an error if a key is seen in use without it having first been seen as prepublished for a time of at least the zone SOA TTL. [E]"
> Should the specification be changed?

Yes, since that statement is not correct. We can talk more about this on today's conference call.

// Rickard

More information about the Opendnssec-develop mailing list