[Opendnssec-user] Set a very low TTL for a label

Ondřej Caletka Ondrej.Caletka at cesnet.cz
Thu Dec 19 13:04:30 UTC 2013


Dne 19.12.2013 11:27, Matthijs Mekking napsal(a):
> Something like that is not possible: All NSEC3 records TTL will be set
> to SOA minimum value without exceptions. But if you only going to change
> the record (not removing or adding names), you don't need to worry about
> the NSEC3 records TTL.
> I think you can just lower the TTL in the unsigned zone of the specific
> domain name before changing the IP address.

If I change the TTL to lower value than Minimum TTL in KASP, it is
clamped during the signing to the minimum TTL value. So I have to edit
KASP to lower minimum TTL and resign the zone. After changing back to
normal TTL, I should probably edit KASP again and set minimum TTL back
to some reasonable value.

There should be a better way to do that.

Ondřej Caletka

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5563 bytes
Desc: Elektronicky podpis S/MIME
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20131219/2d929b9e/attachment.bin>

More information about the Opendnssec-user mailing list