[Opendnssec-user] kasp.xml's policy timings

Sander Smeenk ssmeenk at freshdot.net
Fri May 4 08:46:50 UTC 2012


I'm about to put OpenDNSSEC in a production environment and was about
finalising the policy configuration. I have always wondered how to
correctly configure the <Parent>-section in the KASP.

Where do i get those timings from exactly? It seems this information is
not widespread or easily available. Can i just derive them from DNS

For example, for SIDN's .nl ccTLD i would derive from DNS:

<PropagationDelay>: PT7200S
<DS><TTL>: PT7200S
<SOA><TTL>: PT7200S
<SOA><Minimum>: PT900S

Is it safe to make these assumptions? Sticking with the defaults seems
safe but also seems to 'delay' the DNSSEC process unnescessarily. ;)

| If you jump off a Paris bridge, you are in Seine. 
| 4096R/20CC6CD2 - 6D40 1A20 B9AA 87D4 84C7  FBD6 F3A9 9442 20CC 6CD2

More information about the Opendnssec-user mailing list