[Opendnssec-user] GKG.net - is it any good?

Dick Visser visser at terena.org
Sat Mar 3 09:15:09 UTC 2012 

Hi

As I'm making my way through the docs and cooking up a policy for my
domains, I have a few questions.
I've migrated my cajones.org test domain from GANDI.net to GKG.net, so
now I can add DS records.
Has anyone else used this registrar before? Are they any good?

Anyway, I couldn't find any information about GKG's DNSSEC policies,
so I'm still a bit in the dark about the TTLs...
The default policy lists this:

        <Parent>
            <PropagationDelay>PT9999S</PropagationDelay>
            <DS>
                <TTL>PT3600S</TTL>
            </DS>
            <SOA>
                <TTL>PT172800S</TTL>
                <Minimum>PT10800S</Minimum>
            </SOA>
        </Parent>


I concluded that I should use 3600 for the TTL.
The GKG.net site has a much higher default: 3456000, which is 40 days,
see attached screendump.
I filled in 3600 and waited, but now the DS shows up with 86400 in .org:



[visser at cajones ~]$ dig @a0.org.afilias-nst.info. cajones.org  ds

; <<>> DiG 9.7.0-P1 <<>> @a0.org.afilias-nst.info. cajones.org ds
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38029
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;cajones.org.                   IN      DS

;; ANSWER SECTION:
cajones.org.            86400   IN      DS      64517 8 2
8EC95A8D32F7D40CF253C8FB016285B9FEAA76DCFEBDBC4D825E511A 3E884849

;; Query time: 307 msec
;; SERVER: 2001:500:e::1#53(2001:500:e::1)
;; WHEN: Sat Mar  3 10:09:59 2012
;; MSG SIZE  rcvd: 77



Any ideas what might be going on here?
Could it be that GKG has a default of 40 days, and will override
anything lower than 1 day to 1 day?

Thanks!!



-- 
Dick Visser
System & Networking Engineer
TERENA Secretariat
Singel 468 D, 1017 AW Amsterdam
The Netherlands
-------------- next part --------------
A non-text attachment was scrubbed...
Name: gkgnetds1.PNG
Type: image/png
Size: 12877 bytes
Desc: not available
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20120303/07724ebb/attachment.png>

More information about the Opendnssec-user mailing list