[Opendnssec-user] Parent info
Dick Visser
visser at terena.org
Sat Mar 3 10:34:12 UTC 2012
Sorry for hammering the list on the weekend, but I just want to make
sure I get things right ;-)
According to https://wiki.opendnssec.org/display/DOCS/kasp.xml#kaspxml-ParentZoneInformation,
"timing information about the parent zone must be configured in the
<Parent> section".
My domain sits in .org, so this means that I should pick some values from .org.
I start by asking one of the .org nameserers:
[visser at cajones ~]$ dig @a0.org.afilias-nst.info. org soa +noall +answer
; <<>> DiG 9.7.0-P1 <<>> @a0.org.afilias-nst.info. org soa +noall +answer
; (2 servers found)
;; global options: +cmd
org. 900 IN SOA
a0.org.afilias-nst.info. noc.afilias-nst.info. 2009978691 1800 900
604800 86400
So, TTL is 900, and Minimum is 86400 - right?
As mentioned earlier, the TTL of the DS seems to be at least 86400
when I use GKG.net, so that's what I'll use.
If I understand correctly, this value is important in case you screw
up things, because the higher this is, the longer it will take before
it expires from nameservers
Now only left is the <PropagationDelay>, which is "the interval
between the time a new KSK is published in the zone and the time that
the DS record appears in the parent zone".
I'm not sure why this is needed? Aren't you supposed to manually tell
that the DS is "seen"?
THanks!!
--
Dick Visser
System & Networking Engineer
TERENA Secretariat
Singel 468 D, 1017 AW Amsterdam
The Netherlands
More information about the Opendnssec-user
mailing list