[Opendnssec-user] DS record TTL in the root zone
Antti Ristimäki
antti.ristimaki at csc.fi
Fri Aug 27 05:30:39 UTC 2010
Hi all,
This isn't probably the very right forum for this question, but as I
know that there are some TLDs using OpenDNSSEC, this might be of a
common interest.
I just began wondering the actual TTL of the DS records in the root zone
versus the documented TTL. Different documents (e.g. [1,2]) state that
the DS TTL in the root zone would be 24 hours, but the reality shows
that the TTL is actually 48 hours.
I don't know if this is a great issue or am I perhaps missing something,
but hopefully different TLDs using OpenDNSSEC have taken this into
account with their KASP config (at least if they rely on OpenDNSSEC
timings when rolling KSK).
[1] https://www.iana.org/dnssec/icann-dps.txt
[2] http://www.root-dnssec.org/wp-content/uploads/2010/06/vrsn-dps-00.txt
Antti
More information about the Opendnssec-user
mailing list