[Opendnssec-user] how does auditor calculate delays?
Rickard Bellgrim
rickard.bellgrim at iis.se
Thu Jan 13 14:08:57 UTC 2011
On 13 jan 2011, at 13.41, Gilles Massen wrote:
> Why is the SOA ttl considered for the check? DNSKEY TTL I'd understand,
> but SOA?
Yes, that sounds strange. The first ZSK should be pre-published according to this time:
Ipub = Dprp + min(TTLsoa, SOAmin)
The following ZSK:s should be pre-published using this time:
Ipub = Dprp + TTLkey
We will have a look at this.
> As a certainly unwanted sideeffect, the auditor (or the calling process)
> didn't like that situation at all, as the auditor started to go over the
> affected zones over and over again (restarting immediately after each run).
The signer have a back off mechanism for doing re-tries. 1 minute, 2 minutes, 4 minutes....
// Rickard
More information about the Opendnssec-user
mailing list