[Opendnssec-user] TTL for NS records at the parent should match the DS TTL
Michael Grimm
trashcan at odo.in-berlin.de
Wed Feb 11 18:16:26 UTC 2015
Hi Yuri --
> On 10.02.2015, at 22:25, Yuri Schaeffer <yuri at nlnetlabs.nl> wrote:
>> Must I just add an additional <NS>...</NS> section? Shall I ignore
>> those differences? I cannot find 86400 in my kasp.xml anywhere?
>
> I think I know what the confusion is about.
>
> The DS/TTL is to inform OpenDNSSEC about how this record is published
> at the parent. Rather than an instruction to publish it with TTL X.
>
> It needs this information to get the timing right and it is important
> in case you are rolling your KSK. So set it in the KASP to 86400 seconds.
Ah, I see! Now, I understand the corresponding documentation regarding <Parent>, thanks. I set that entry to 86400 seconds, now.
> As for the 4035 compliance issue. You must take this up with your
> parent/registrar. Most likely you can fix it in their web interface.
No, not in my provider's interface. I will most likely have to open a ticket.
Thank you for your info and regards,
Michael
More information about the Opendnssec-user
mailing list