[Opendnssec-user] kasp.xml's policy timings
Sander Smeenk
ssmeenk at freshdot.net
Fri May 4 08:46:50 UTC 2012
OHAI GUISE!
I'm about to put OpenDNSSEC in a production environment and was about
finalising the policy configuration. I have always wondered how to
correctly configure the <Parent>-section in the KASP.
Where do i get those timings from exactly? It seems this information is
not widespread or easily available. Can i just derive them from DNS
queries?
For example, for SIDN's .nl ccTLD i would derive from DNS:
<PropagationDelay>: PT7200S
<DS><TTL>: PT7200S
<SOA><TTL>: PT7200S
<SOA><Minimum>: PT900S
Is it safe to make these assumptions? Sticking with the defaults seems
safe but also seems to 'delay' the DNSSEC process unnescessarily. ;)
HALP!
-Sndr.
--
| If you jump off a Paris bridge, you are in Seine.
| 4096R/20CC6CD2 - 6D40 1A20 B9AA 87D4 84C7 FBD6 F3A9 9442 20CC 6CD2
More information about the Opendnssec-user
mailing list