[Opendnssec-user] TTL changed by signer -- why and what pattern?

Rick van Rein rick at openfortress.nl
Wed Jun 27 11:25:19 UTC 2012


Hello,

A while back, I tried to set a TTL to 300, for quickly swapping a web server
from an old location to a new.  I was surprised to see that OpenDNSSEC signed
the record but set the TTL to 7200.  On another OpenDNSSEC system, we found
that that system's MX record's TTL was not changed, but an A or AAAA record's
was.

What is the *reason* behind setting a higher TTL?  Is it to offload the name
servers and caches?  I would assume that this can be left to the administrator
of the zone, i.o.w. that the TTL from the unsigned zone could be replicated?

Note that I am not saying anything about signature validity -- as long as
the TTL is the same on the record and signature, that oughtn't give a
problem -- right?

What is the *logic* that is used to change the TTL?  I mean, with possibly
different treatment of MX and A/AAAA records, I find it hard to see what is
done in general.


Thanks,
 -Rick
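The post raises two things an operator can verify directly from the zone files: which RRsets had their TTL rewritten by the signer, and whether each RRSIG's TTL still equals the TTL of the RRset it covers (RFC 4034, section 3, requires that they match, and the RRSIG's Original TTL field must match too). The script below is an added example, not code from OpenDNSSEC or from the poster; the two zone snippets are constructed, with a placeholder base64 string in place of real signatures, and one deliberate mismatch on the AAAA RRSIG to show what the check reports. It assumes the usual signer output layout: one record per line, explicit TTL, class and type, no `$TTL` or `$ORIGIN` shortcuts.

```python
"""
Compare TTLs between an unsigned zone and its signed copy, and check that
every RRSIG's TTL (and its Original TTL field) equals the TTL of the RRset
it covers, as RFC 4034 section 3 requires.

Added example, not part of OpenDNSSEC. Zone data below is constructed;
"c2lnbmF0dXJl" stands in for a real signature.
"""
from collections import defaultdict

UNSIGNED_ZONE = """\
example.net. 3600 IN SOA ns1.example.net. hostmaster.example.net. 2012062701 7200 900 1209600 3600
example.net. 3600 IN MX 10 mail.example.net.
www.example.net. 300 IN A 192.0.2.10
www.example.net. 300 IN AAAA 2001:db8::10
"""

# Constructed signer output: the A and AAAA TTLs were raised to 7200, the MX
# TTL was left alone, and the AAAA RRSIG was (deliberately) left at 300.
SIGNED_ZONE = """\
example.net. 3600 IN SOA ns1.example.net. hostmaster.example.net. 2012062702 7200 900 1209600 3600
example.net. 3600 IN RRSIG SOA 8 2 3600 20120727000000 20120627000000 12345 example.net. c2lnbmF0dXJl
example.net. 3600 IN MX 10 mail.example.net.
example.net. 3600 IN RRSIG MX 8 2 3600 20120727000000 20120627000000 12345 example.net. c2lnbmF0dXJl
www.example.net. 7200 IN A 192.0.2.10
www.example.net. 7200 IN RRSIG A 8 3 7200 20120727000000 20120627000000 12345 example.net. c2lnbmF0dXJl
www.example.net. 7200 IN AAAA 2001:db8::10
www.example.net. 300 IN RRSIG AAAA 8 3 300 20120727000000 20120627000000 12345 example.net. c2lnbmF0dXJl
"""


def parse_zone(text):
    """Return (rrsets, rrsigs) for a zone in plain presentation format.

    rrsets: {(owner, type): set of TTLs seen}  -- one entry per RRset
    rrsigs: [(owner, covered_type, rrsig_ttl, original_ttl_field)]
    Each line is expected as: owner TTL class type rdata...
    """
    rrsets = defaultdict(set)
    rrsigs = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        owner, ttl, rtype, rdata = fields[0], int(fields[1]), fields[3], fields[4:]
        if rtype == "RRSIG":
            # RRSIG rdata: type-covered algorithm labels original-ttl
            #              expiration inception key-tag signer signature
            rrsigs.append((owner, rdata[0], ttl, int(rdata[3])))
        else:
            rrsets[(owner, rtype)].add(ttl)
    return rrsets, rrsigs


def ttl_changes(unsigned_text, signed_text):
    """List RRsets present in both zones whose TTL differs after signing.

    Each entry is (owner, type, ttls_before, ttls_after); the TTL lists
    normally hold one value, more than one means the RRset itself had mixed
    TTLs, which is a problem in its own right (RFC 2181 section 5.2).
    """
    before, _ = parse_zone(unsigned_text)
    after, _ = parse_zone(signed_text)
    changes = []
    for key in sorted(before):
        if key in after and before[key] != after[key]:
            changes.append((key[0], key[1], sorted(before[key]), sorted(after[key])))
    return changes


def rrsig_mismatches(signed_text):
    """List RRSIGs whose TTL or Original TTL field differs from the covered RRset.

    Each entry is (owner, covered_type, rrset_ttls, rrsig_ttl, original_ttl_field).
    """
    rrsets, rrsigs = parse_zone(signed_text)
    problems = []
    for owner, covered, sig_ttl, orig_ttl in rrsigs:
        ttls = rrsets.get((owner, covered), set())
        if ttls != {sig_ttl} or ttls != {orig_ttl}:
            problems.append((owner, covered, sorted(ttls), sig_ttl, orig_ttl))
    return problems


if __name__ == "__main__":
    for owner, rtype, old, new in ttl_changes(UNSIGNED_ZONE, SIGNED_ZONE):
        print(f"TTL changed by signer: {owner} {rtype} {old} -> {new}")
    for owner, covered, rr_ttl, sig_ttl, orig in rrsig_mismatches(SIGNED_ZONE):
        print(f"RRSIG/RRset TTL mismatch: {owner} {covered} rrset={rr_ttl} "
              f"rrsig={sig_ttl} original-ttl-field={orig}")
```

Run against a real pair of files by replacing the two constructed strings with the contents of the unsigned input zone and the signer's output; the first function answers "what did the signer change", the second flags any RRSIG that would fail a validator's TTL consistency expectation.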


