[Opendnssec-user] SOA TTL behaviour
Paul Wouters
paul at nohats.ca
Mon Sep 10 22:26:20 UTC 2012
While investigating why a bind signer and an opendnssec signer ended up
with a different SOA record from the same unsigned zone, I found that
opendnssec modified the SOA's TTL.
It's behaviour is defined in the kasp.xml <SOA> section that provides
the override, but does not seem to have an option "keep" (like it does
for the serial)
I would prefer to not have to hardcode a TTL value outside of the
unsigned zone file. If this ever changes, someone will forget to
update the kasp.xml to match the unsigned zonefile's SOA TTL value.
Is there a reason why opendnssec wants to take over control of this
value?
Paul
More information about the Opendnssec-user
mailing list