[Opendnssec-user] PublishSafety default value
Antti Ristimäki
antti.ristimaki at csc.fi
Thu Jan 10 10:13:47 UTC 2013
09.01.2013 16:57, Casper Gielen kirjoitti:
> Op 09-01-13 15:31, WBrown at e1b.org schreef:
>> Would it make more sense to query DNS to verify that it really and truly
>> has been published rather than assuming it has based on some timer?
>
> It depends on your environment. While you can query all authorative
> servers you probably don't know every DNS-cache that might store this
> information.
But if you can verify by DNS queries when the information has been
propagated to all authoritative servers, you can calculate the rest
using the TTL values.
Antti
More information about the Opendnssec-user
mailing list