[Opendnssec-user] kasp.xml's policy timings

Tom Hendrikx tom at whyscream.net
Fri May 4 08:57:44 UTC 2012

On 04-05-12 10:46, Sander Smeenk wrote:
> I'm about to put OpenDNSSEC in a production environment and was about
> finalising the policy configuration. I have always wondered how to
> correctly configure the <Parent>-section in the KASP.
> Where do i get those timings from exactly? It seems this information is
> not widespread or easily available. Can i just derive them from DNS
> queries?
> For example, for SIDN's .nl ccTLD i would derive from DNS:
> <PropagationDelay>: PT7200S
> <DS><TTL>: PT7200S
> <SOA><TTL>: PT7200S
> <SOA><Minimum>: PT900S
> Is it safe to make these assumptions? Sticking with the defaults seems
> safe but also seems to 'delay' the DNSSEC process unnescessarily. ;)

SIDN has put a DNSSEC policy document online [1] which contains most
values that you need. I guess most other TLDs do the same (didn't deal
with those yet)?

[1] https://www.sidn.nl/over-nl/dnssec/policy-and-practice/


More information about the Opendnssec-user mailing list