[Opendnssec-user] PublishSafety default value
c.gielen at uvt.nl
Wed Jan 9 14:57:33 UTC 2013
Op 09-01-13 15:31, WBrown at e1b.org schreef:
> Would it make more sense to query DNS to verify that it really and truly
> has been published rather than assuming it has based on some timer?
It depends on your environment. While you can query all authorative
servers you probably don't know every DNS-cache that might store this
However, an additional check may be usefull under some circumstances.
Maybe even a combination "wait 1 more hour after the key is first seen
on the dns-server"
Casper Gielen <cgielen at uvt.nl> | LIS UNIX
PGP fingerprint = 16BD 2C9F 8156 C242 F981 63B8 2214 083C F80E 4AF7
Universiteit van Tilburg | Postbus 90153, 5000 LE
Warandelaan 2 | Telefoon 013 466 4100 | G 236 | http://www.uvt.nl
More information about the Opendnssec-user