[Opendnssec-user] PublishSafety default value

Antti Ristimäki antti.ristimaki at csc.fi
Wed Jan 9 13:16:16 UTC 2013

On 2013-01-09 15:12, Miek Gieben wrote:
> [ Quoting Antti Ristimäki at 15:10 on January  9 in "[Opendnssec-user] PublishSafety def"... ]
>> Hi,
>> I've been wondering whether the default value (3600s) for key
>> PublishSafety margin is too short. As OpenDNSSEC is usually used as a
> Yes, it is...
>> I'm not 100% sure but IIRC there have been validation failures that have
>> been caused by the signer (not necessarily ODS) calculating too
>> optimistic pre-publication intervals without visibility to what is
>> actually available in public DNS.
>> Any thoughts?
> Make it quite a bit longer, who cares, it's only one record. So a couple of
> days are maybe a week is much better IMO.

Well, actually my point was to ask whether it would be wise to increase
the default value in KASP config because I guess that majority run ODS
with the default values, anyway...


More information about the Opendnssec-user mailing list