[Opendnssec-user] Issues with INCLUDE statements
Matthijs Mekking
matthijs at NLnetLabs.nl
Tue Nov 23 10:07:04 UTC 2010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Sebastian,
Thanks for the report. As Rickard mailed before, some issues have been
fixed in trunk.
> - changed TTLs for a record, without proper signature update
This now also has been fixed. There could still be some weird behavior
if the TTLs for RRs in the same RRset differ. However, this situation is
deprecated according to RFC 2181.
If OpenDNSSEC encounters such RRset with varying TTLs, it sets all TTLs
to the value of the lowest TTL (also according to RFC 2181). Because it
then changes the TTL value, next time when reading the zone, it will
treat it as if the RR was updated, even if no change has been made to
the unsigned zone (because OpenDNSSEC changed the TTL and the TTLs now
differ).
Best regards,
Matthijs
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQEcBAEBAgAGBQJM65JHAAoJEA8yVCPsQCW53h8H/j/nN3EZZ5lHhSE2P/IR7YBQ
j/bWWZ4zNWsX9UfvB1fp0I6OT9+mSgvWr7UgmoalNPOh5QPheTMv80HhNhx2QVVc
qPZrs7EhuKjlXHzOepcFfm6bOBuNayG9EGGJcXYmt86LoWbS08mNZw5EPENKSFLR
k77g9sIyecwg+F9T1rVh/BKnQvAU80oix6Y3oFFSZJBAIZ178NxMyBs/BpCt9HZI
miEe021Qxx5DylDaYts4EEldxR+mo9/wBI8IcQHeN2uwug7E1UxV6t8f6TS4i66B
RPMFToUl9auMl0vvjalvbjGZUZRCh1T6yoV+yqtnSPHto8UZkNrLLOjObkOWFcw=
=IWPJ
-----END PGP SIGNATURE-----
More information about the Opendnssec-user
mailing list