[Opendnssec-user] TTL for NS records at the parent should match the DS TTL

Michael Grimm trashcan at odo.in-berlin.de
Wed Feb 11 18:16:26 UTC 2015

Hi Yuri --

> On 10.02.2015, at 22:25, Yuri Schaeffer <yuri at nlnetlabs.nl> wrote:

>> Must I just add an additional <NS>...</NS> section? Shall I ignore
>> those differences? I cannot find 86400 in my kasp.xml anywhere?
> I think I know what the confusion is about.
> The DS/TTL is to inform OpenDNSSEC about how this record is published
> at the parent. Rather than an instruction to publish it with TTL X.
> It needs this information to get the timing right and it is important
> in case you are rolling your KSK. So set it in the KASP to 86400 seconds.

Ah, I see! Now, I understand the corresponding documentation regarding <Parent>, thanks. I set that entry to 86400 seconds, now.

> As for the 4035 compliance issue. You must take this up with your
> parent/registrar. Most likely you can fix it in their web interface.

No, not in my provider's interface. I will most likely have to open a ticket.

Thank you for your info and regards,

More information about the Opendnssec-user mailing list