[Opendnssec-user] PublishSafety default value

Miek Gieben miek.gieben at sidn.nl
Wed Jan 9 13:12:02 UTC 2013


[ Quoting Antti Ristimäki at 15:10 on January  9 in "[Opendnssec-user] PublishSafety def"... ]
> Hi,
> 
> I've been wondering whether the default value (3600s) for key
> PublishSafety margin is too short. As OpenDNSSEC is usually used as a

Yes, it is...

> I'm not 100% sure but IIRC there have been validation failures that have
> been caused by the signer (not necessarily ODS) calculating too
> optimistic pre-publication intervals without visibility to what is
> actually available in public DNS.
> 
> Any thoughts?

Make it quite a bit longer, who cares, it's only one record. So a couple of
days are maybe a week is much better IMO.

grtz Miek
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20130109/ef41f694/attachment.bin>


More information about the Opendnssec-user mailing list