[Opendnssec-user] kasp.xml's policy timings
Tom Hendrikx
tom at whyscream.net
Fri May 4 08:57:44 UTC 2012
On 04-05-12 10:46, Sander Smeenk wrote:
> OHAI GUISE!
>
> I'm about to put OpenDNSSEC in a production environment and was about
> finalising the policy configuration. I have always wondered how to
> correctly configure the <Parent>-section in the KASP.
>
> Where do i get those timings from exactly? It seems this information is
> not widespread or easily available. Can i just derive them from DNS
> queries?
>
> For example, for SIDN's .nl ccTLD i would derive from DNS:
>
> <PropagationDelay>: PT7200S
> <DS><TTL>: PT7200S
> <SOA><TTL>: PT7200S
> <SOA><Minimum>: PT900S
>
> Is it safe to make these assumptions? Sticking with the defaults seems
> safe but also seems to 'delay' the DNSSEC process unnescessarily. ;)
>
SIDN has put a DNSSEC policy document online [1] which contains most
values that you need. I guess most other TLDs do the same (didn't deal
with those yet)?
[1] https://www.sidn.nl/over-nl/dnssec/policy-and-practice/
--
Regards,
Tom
More information about the Opendnssec-user
mailing list