[Opendnssec-user] kasp.xml's policy timings
tom at whyscream.net
Fri May 4 08:57:44 UTC 2012
On 04-05-12 10:46, Sander Smeenk wrote:
> OHAI GUISE!
> I'm about to put OpenDNSSEC in a production environment and was about
> finalising the policy configuration. I have always wondered how to
> correctly configure the <Parent>-section in the KASP.
> Where do i get those timings from exactly? It seems this information is
> not widespread or easily available. Can i just derive them from DNS
> For example, for SIDN's .nl ccTLD i would derive from DNS:
> <PropagationDelay>: PT7200S
> <DS><TTL>: PT7200S
> <SOA><TTL>: PT7200S
> <SOA><Minimum>: PT900S
> Is it safe to make these assumptions? Sticking with the defaults seems
> safe but also seems to 'delay' the DNSSEC process unnescessarily. ;)
SIDN has put a DNSSEC policy document online  which contains most
values that you need. I guess most other TLDs do the same (didn't deal
with those yet)?
More information about the Opendnssec-user