[Opendnssec-user] how does auditor calculate delays?
Gilles Massen
gilles.massen at restena.lu
Fri Jan 14 09:05:15 UTC 2011
On 01/13/2011 03:08 PM, Rickard Bellgrim wrote:
>
> On 13 jan 2011, at 13.41, Gilles Massen wrote:
>
>> Why is the SOA ttl considered for the check? DNSKEY TTL I'd understand,
>> but SOA?
>
> Yes, that sounds strange. The first ZSK should be pre-published according to this time:
> Ipub = Dprp + min(TTLsoa, SOAmin)
>
> The following ZSK:s should be pre-published using this time:
> Ipub = Dprp + TTLkey
Ok, that's what I thought, thanks for confirming.
>> As a certainly unwanted sideeffect, the auditor (or the calling process)
>> didn't like that situation at all, as the auditor started to go over the
>> affected zones over and over again (restarting immediately after each run).
>
> The signer have a back off mechanism for doing re-tries. 1 minute, 2 minutes, 4 minutes....
After looking again at the timestamps, this is indeed what happened.
Best,
Gilles
--
Fondation RESTENA - DNS-LU
6, rue Coudenhove-Kalergi
L-1359 Luxembourg
tel: (+352) 424409
fax: (+352) 422473
More information about the Opendnssec-user
mailing list