[dns-operations] Org Dnskey TTL
Chris Thompson
cet1 at cam.ac.uk
Wed Jun 17 16:17:06 UTC 2009
On Jun 17 2009, George Barwood wrote:
>dig dnskey +dnssec @a0.org.afilias-nst.info +norecurse
>
>seems to be is showing zero TTL for the Dnskey records.
>
>Am I confused or missing something, isn't this all wrong?
You are missing an "org." in that dig command (and the +dnssec isn't
necessary), but yes, I see all the authoritative servers for org giving
a zero TTL for its DNSKEY RRset.
If one has the trust anchor for org configured in BIND, this has the
effect of zeroing the TTL for everything else from the org zone in the
local cache. What a good thing I didn't do this except on my workstation :-)
At the same time, the TTL for the SOA record for org is now 900 from
the authoritative servers, see an earlier thread. Maybe we are seeing
some sort of transitional state?
--
Chris Thompson University of Cambridge Computing Service,
Email: cet1 at ucs.cam.ac.uk New Museums Site, Cambridge CB2 3QH,
Phone: +44 1223 334715 United Kingdom.
More information about the dns-operations
mailing list