[Opendnssec-user] DS TTL in parent config
sebastian at nzrs.net.nz
Mon Feb 27 21:25:53 UTC 2012
On 28/02/12 10:20, Dick Visser wrote:
> I'm reading up on all the docs again, and I have a question about the
> Parent/DS/TTL configuration.
> According to https://wiki.opendnssec.org/display/DOCS/kasp.xml#kaspxml-ParentZoneInformation:
> "The <DS> tag holds information about the DS record in the parent. It
> contains a single element, <TTL>, which should be set to the TTL of
> the DS record in the parent zone. "
> My domain sits in .org. How do I figure this out? It looks like a
> chicken and egg problem...
> I didn't publish the DS, so I don't know the TTL.
> But in order to publish, I need to configure the TTL.
> I looked at some other DS records in .org for example those for
> comcast.org, iana.org and pir.org, and they all use 86400.
> So I guess I'll have to use that, too.
> I can see that for various .nl domains it is substantially lower, namely 7200.
> But who/what decides on this value?
Depends. If the registry allows the registrar/registrant to specify the
TTL at registration or if they use a fixed TTL value for DS records.
> Is this a fixed number per-TLD? Or per registrar? Or per domain?
You can confirm the right source by checking the DPS for each registry,
which usually includes the pre-defined TTL for the DS records.
> THasnk !!
.nz Registry Services (New Zealand Domain Name Registry Limited)
desk: +64 4 495 2337
mobile: +64 21 400535
More information about the Opendnssec-user