[Opendnssec-user] TTL values through to signed zone?
Havard Eidnes
he at uninett.no
Tue Dec 3 19:53:58 UTC 2019
Hi,
with OpenDNSSEC 1.4.14, with zone transfers in + out, we've tried
to publish an RRset with a relatively short TTL:
% dig @<hidden-master> vpn.eduvpn.uninett.no. a
...
vpn.eduvpn.uninett.no. 600 IN A 158.38.4.11
vpn.eduvpn.uninett.no. 600 IN A 158.38.2.19
...
However, when these records have passed through OpenDNSSEC, this
gets transformed into
vpn.eduvpn.uninett.no. 86400 IN A 158.38.2.19
vpn.eduvpn.uninett.no. 86400 IN A 158.38.4.11
vpn.eduvpn.uninett.no. 86400 IN RRSIG A 8 4 86400 20191222101620 20191130232045 44016 eduvpn.uninett.no. WLeTApQJso6WTaQgOvDZgD+Gjfrp/54I/cmre4/po2DdzfmrsLRn4Ujh 4kodfMoRw2BZkaVCXb3IFWMm/dbkKh/FF0WYMXdHd1qheXbOlO94DMLw mtgApQ3UQ7JMx/dkp2mCXlHAohIhPl4hh2bPh2y6g9cT1+SK3IhtU+IY Wzx9GLGlNUf96OwYkKNix1Nwq2GyUZ1FQMhIAncwhkPqiA==
Why doesn't the lowered TTL survive intact in its passage through
OpenDNSSEC? Bug?
Regards,
- Håvard
More information about the Opendnssec-user
mailing list