[Opendnssec-user] opendnssec: NSEC3PARAM TTL
Paul Wouters
paul at nohats.ca
Wed Sep 12 21:32:44 UTC 2012
Hi,
I've almost reached the point where the verification of opendnssec- and
bind-signed zone files is identical (after ldns-read-zone -0 to strip
out RRSIG and jitter).
In bind, the NSEC3PARAM has a TTL of 0. In opendnssec, it gets the
default ttl, in my case 3600.
Since this record is kind of special, I think I agree with bind that
we should not store it in any caches anywhere, and so a TTL=0 seems
to be the right value. I've attached a patch for this in opendnssec.
Paul
-------------- next part --------------
diff -Naur opendnssec-1.4.0a3-orig/signer/src/signer/zone.c opendnssec-1.4.0a3/signer/src/signer/zone.c
--- opendnssec-1.4.0a3-orig/signer/src/signer/zone.c 2012-08-06 06:52:03.000000000 -0400
+++ opendnssec-1.4.0a3/signer/src/signer/zone.c 2012-09-12 17:00:01.813426466 -0400
@@ -355,7 +355,7 @@
return ODS_STATUS_MALLOC_ERR;
}
ldns_rr_set_class(rr, zone->klass);
- ldns_rr_set_ttl(rr, zone->default_ttl);
+ ldns_rr_set_ttl(rr, 0); /* special case */
ldns_rr_set_owner(rr, ldns_rdf_clone(zone->apex));
ldns_nsec3_add_param_rdfs(rr,
zone->signconf->nsec3params->algorithm, 0,
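Review bot: the `/* special case */` comment on the new `ldns_rr_set_ttl(rr, 0);` line does not say why the TTL is zero, so a later reader is likely to "fix" it back to `zone->default_ttl`; spell the rationale out in the comment (the NSEC3PARAM RR is apex-only signing metadata that should not be cached, and BIND emits it with TTL 0) and consider a named constant instead of the bare literal. Also worth checking that nothing downstream in the signer compares this record's TTL against `zone->default_ttl` or uses it when computing the zone minimum, since this line is now the only place the TTL differs from the zone default.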