[Opendnssec-user] how does auditor calculate delays?
Carlos M. Martinez
carlos at lacnic.net
Thu Jan 13 14:16:36 UTC 2011
I noted the same behaviour but being my first OpenDNSSEC installation I
thought it was me that was doing something wrong.
regards
Carlos
On 1/13/11 12:08 PM, Rickard Bellgrim wrote:
> On 13 jan 2011, at 13.41, Gilles Massen wrote:
>
>> Why is the SOA ttl considered for the check? DNSKEY TTL I'd understand,
>> but SOA?
> Yes, that sounds strange. The first ZSK should be pre-published according to this time:
> Ipub = Dprp + min(TTLsoa, SOAmin)
>
> The following ZSK:s should be pre-published using this time:
> Ipub = Dprp + TTLkey
>
> We will have a look at this.
>
>> As a certainly unwanted sideeffect, the auditor (or the calling process)
>> didn't like that situation at all, as the auditor started to go over the
>> affected zones over and over again (restarting immediately after each run).
> The signer have a back off mechanism for doing re-tries. 1 minute, 2 minutes, 4 minutes....
>
> // Rickard
>
> _______________________________________________
> Opendnssec-user mailing list
> Opendnssec-user at lists.opendnssec.org
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
--
Carlos M. Martinez
LACNIC I+D
PGP KeyID 0xD51507A2
Phone: +598-2604-2222 ext. 4419
-------------- next part --------------
A non-text attachment was scrubbed...
Name: carlos.vcf
Type: text/x-vcard
Size: 194 bytes
Desc: not available
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20110113/5d04f5d2/attachment.vcf>
More information about the Opendnssec-user
mailing list