[Opendnssec-develop] Re: [Opendnssec-user] how does auditor calculate delays?
Rickard Bellgrim
rickard.bellgrim at iis.se
Wed Jan 26 10:14:00 UTC 2011
On 18 jan 2011, at 10.27, Alex Dalitz wrote:
> Hi Rickard -
>
>>> Why is the SOA ttl considered for the check? DNSKEY TTL I'd understand,
>>> but SOA?
>>
>> Yes, that sounds strange. The first ZSK should be pre-published according to this time:
>> Ipub = Dprp + min(TTLsoa, SOAmin)
>>
>> The following ZSK:s should be pre-published using this time:
>> Ipub = Dprp + TTLkey
>>
>> We will have a look at this.
>
> From the spec ( http://trac.opendnssec.org/wiki/Signer/AuditorRequirements ) :
>
> "Give an error if a key is seen in use without it having first been seen as prepublished for a time of at least the zone SOA TTL. [E]"
>
> Should the specification be changed?
Yes, since that statement is not correct. We can talk more about this on today's conference call.
// Rickard
More information about the Opendnssec-develop
mailing list