[Opendnssec-user] Set a very low TTL for a label
Ondrej.Caletka at cesnet.cz
Thu Dec 19 13:04:30 UTC 2013
Dne 19.12.2013 11:27, Matthijs Mekking napsal(a):
> Something like that is not possible: All NSEC3 records TTL will be set
> to SOA minimum value without exceptions. But if you only going to change
> the record (not removing or adding names), you don't need to worry about
> the NSEC3 records TTL.
> I think you can just lower the TTL in the unsigned zone of the specific
> domain name before changing the IP address.
If I change the TTL to lower value than Minimum TTL in KASP, it is
clamped during the signing to the minimum TTL value. So I have to edit
KASP to lower minimum TTL and resign the zone. After changing back to
normal TTL, I should probably edit KASP again and set minimum TTL back
to some reasonable value.
There should be a better way to do that.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 5563 bytes
Desc: Elektronicky podpis S/MIME
More information about the Opendnssec-user