[dns-operations] Org Dnskey TTL
Dave Knight
dknight at ca.afilias.info
Wed Jun 17 15:56:12 UTC 2009
Hi George,
On 17-Jun-09, at 11:25 AM, George Barwood wrote:
> dig dnskey +dnssec @a0.org.afilias-nst.info +norecurse
>
> seems to be is showing zero TTL for the Dnskey records.
>
> Am I confused or missing something, isn't this all wrong?
You are correct, this is a problem and we are aware of it.
Our DNSSEC signer appliance takes the TTL for the DNSKEY records and
their signatures from the TTL of the SOA. Until this weekend ORGs SOA
TTL was 0, it has now been changed to 900. We will do a followup
maintenance soon to correct the DNSKEY TTLs. I'll follow-up to the
list when that happens.
Thanks for your attention.
dave
Afilias
More information about the dns-operations
mailing list