[Opendnssec-user] SOA element overrides in kasp.xml

Yuri Schaeffer yuri at nlnetlabs.nl
Mon Mar 5 08:49:52 UTC 2012


Hi Dick,

On 03/03/12 10:43, Dick Visser wrote:
> I see that in kasp.xml a couple of values from the input zone are overridden.
> For TTL and Minimum of the SOA record, I want these to be just the
> same as my input zone, but AFAIK there is no way to do this, other
> than manually filling in the same value.

The reason for this manual work is in the design of OpenDNSSEC. The
enforcer deals with concepts of keys and policies while the signer does
actual work on the data.

Therefore it is decided that the enforcer does not need or care about
the data (your zonefiles). This is unfortunately not entirely true. To
make decisions about the speed and order of events the enforcer needs to
know these values.

> The Serial value has an option "keep" which keeps whatever is in the input zone.
> Would it be an idea to have this option also for TTL and Minimum?

The signer is the only part parsing the zone file right now. Supporting
this is not trivial.

Regards,
Yuri

> If such an option would exist, it should be a sane default as well,
> so it would make sense to have the default policy configured like that
> too...


-- 
Yuri Schaeffer
NLnet Labs
http://www.nlnetlabs.nl
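
The manual step discussed in this thread, as an added example that is not part of the original message and not OpenDNSSEC code: a check that reports where a policy's SOA TTL and Minimum in kasp.xml differ from the input zone's SOA, i.e. where the signed zone will carry the policy value instead of the one in the zone file. The sample policy and zone line are constructed, the function names are hypothetical, and the duration parser assumes only the day and time parts (D, H, M, S) are used.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample policy using the kasp.xml <Zone><SOA> layout.
KASP_XML = """<KASP><Policy name="default"><Zone><SOA>
  <TTL>PT3600S</TTL><Minimum>PT3600S</Minimum><Serial>keep</Serial>
</SOA></Zone></Policy></KASP>"""

# Constructed SOA line from an unsigned input zone (TTLs in plain seconds).
ZONE_SOA = ("example.com. 7200 IN SOA ns1.example.com. hostmaster.example.com. "
            "2012030501 10800 3600 604800 3600")

# Assumption: durations use only D and the time part; Y/M/W are rejected.
_DURATION = re.compile(r"^P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?$")

def duration_seconds(text):
    """Convert an xsd:duration such as PT3600S or P1DT1H to seconds."""
    m = _DURATION.match(text.strip())
    if not m:
        raise ValueError(f"unsupported duration: {text!r}")
    d, h, mi, s = (int(g or 0) for g in m.groups())
    return ((d * 24 + h) * 60 + mi) * 60 + s

def policy_soa(kasp_xml, policy="default"):
    """Return the SOA TTL and Minimum (seconds) configured for a policy."""
    for pol in ET.fromstring(kasp_xml).findall("Policy"):
        if pol.get("name") == policy:
            soa = pol.find("Zone/SOA")
            return {"TTL": duration_seconds(soa.findtext("TTL")),
                    "Minimum": duration_seconds(soa.findtext("Minimum"))}
    raise KeyError(policy)

def zone_soa(line):
    """Parse 'owner [ttl] [class] SOA mname rname serial refresh retry expire minimum'."""
    f = line.split()
    i = f.index("SOA")
    ttl = next(int(x) for x in f[1:i] if x.isdigit())  # record TTL must be explicit
    return {"TTL": ttl, "Minimum": int(f[i + 7])}

def soa_drift(kasp_xml, soa_line, policy="default"):
    """Map each differing field to (input zone value, policy value)."""
    want, have = policy_soa(kasp_xml, policy), zone_soa(soa_line)
    return {k: (have[k], want[k]) for k in want if have[k] != want[k]}

if __name__ == "__main__":
    print(soa_drift(KASP_XML, ZONE_SOA))
```
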


