[Opendnssec-user] Parent info
Miek Gieben
miek at miek.nl
Sat Mar 3 12:19:07 UTC 2012
[ Quoting <visser at terena.org> at 11:34 on Mar 3 in "[Opendnssec-user] Pa..." ]
> [visser at cajones ~]$ dig @a0.org.afilias-nst.info. org soa +noall +answer
>
> ; <<>> DiG 9.7.0-P1 <<>> @a0.org.afilias-nst.info. org soa +noall +answer
> ; (2 servers found)
> ;; global options: +cmd
> org. 900 IN SOA
> a0.org.afilias-nst.info. noc.afilias-nst.info. 2009978691 1800 900
> 604800 86400
>
> So, TTL is 900, and Minimum is 86400 - right?
yes.
> If I understand correctly, this value is important in case you screw
> up things, because the higher this is, the longer it will take before
> it expires from nameservers
yes.
> Now only left is the <PropagationDelay>, which is "the interval
> between the time a new KSK is published in the zone and the time that
> the DS record appears in the parent zone".
I think this is used when you want an automatic KSK rollover (but I'm
not completely sure about that).
> I'm not sure why this is needed? Aren't you supposed to manually tell
> that the DS is "seen"?
Then you are using a manual KSK rollover procedure.
grtz Miek
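
Added example, not part of the original message or of OpenDNSSEC's own code: it parses the SOA answer quoted above (wrapped lines included) and prints the record TTL and the Minimum field as the ISO 8601 durations used in a KASP policy. The function names are hypothetical, and the <SOA>/<TTL>/<Minimum> layout is assumed to match the <Parent> section of your kasp.xml.

```python
# Constructed sample: the SOA answer quoted in the thread, with the
# mail client's line wrapping preserved.
DIG_ANSWER = """\
org. 900 IN SOA
a0.org.afilias-nst.info. noc.afilias-nst.info. 2009978691 1800 900
604800 86400
"""

# Order of the SOA RDATA fields as they appear on the wire and in dig output.
SOA_FIELDS = ("mname", "rname", "serial", "refresh", "retry", "expire", "minimum")


def parse_soa(answer):
    """Parse a single SOA record from `dig +noall +answer` output."""
    tokens = []
    for line in answer.splitlines():
        # Tolerate mail quoting ("> ") and skip dig's ";" comment lines.
        line = line.strip().lstrip(">").strip()
        if not line or line.startswith(";"):
            continue
        tokens.extend(line.split())  # rejoins records wrapped across lines
    # Expected layout: owner ttl class type + 7 RDATA fields.
    if len(tokens) != 11 or tokens[2].upper() != "IN" or tokens[3].upper() != "SOA":
        raise ValueError("expected exactly one IN SOA record")
    soa = {"owner": tokens[0], "ttl": int(tokens[1])}
    for name, value in zip(SOA_FIELDS, tokens[4:]):
        soa[name] = value if name in ("mname", "rname") else int(value)
    return soa


def parent_soa_xml(soa):
    """Render the parent's SOA TTL and Minimum as durations in seconds."""
    return (
        "<SOA>\n"
        f"  <TTL>PT{soa['ttl']}S</TTL>\n"
        f"  <Minimum>PT{soa['minimum']}S</Minimum>\n"
        "</SOA>"
    )


if __name__ == "__main__":
    print(parent_soa_xml(parse_soa(DIG_ANSWER)))
```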