[dns-operations] Org Dnskey TTL
Chris Thompson
cet1 at cam.ac.uk
Tue Jul 7 20:17:21 UTC 2009
On Jun 18 2009, Dave Knight wrote:
>On 17-Jun-09, at 8:28 PM, Mark Andrews wrote:
[...]
>> Why still a low a ttl for DNSKEY? I can understand for
>> negative responses but changes to DNSKEY would have to be
>> on the order of days anyway as that is what it takes to
>> change trust anchors.
>
>Our signer solution doesn't currently allow the TTL of these records
>to be set individually, a fix for this is in the pipeline though.
So, how long is the pipeline? Currently the original TTL of these
DNSKEY RRs remains at 900 seconds.
--
Chris Thompson University of Cambridge Computing Service,
Email: cet1 at ucs.cam.ac.uk New Museums Site, Cambridge CB2 3QH,
Phone: +44 1223 334715 United Kingdom.
More information about the dns-operations
mailing list