[dns-operations] Org Dnskey TTL
Dave Knight
dknight at ca.afilias.info
Thu Jun 18 13:49:14 UTC 2009
On 17-Jun-09, at 11:56 AM, Dave Knight wrote:
> Hi George,
>
> On 17-Jun-09, at 11:25 AM, George Barwood wrote:
>
>> dig dnskey +dnssec @a0.org.afilias-nst.info +norecurse
>>
>> seems to be is showing zero TTL for the Dnskey records.
>>
>> Am I confused or missing something, isn't this all wrong?
>
> You are correct, this is a problem and we are aware of it.
>
> Our DNSSEC signer appliance takes the TTL for the DNSKEY records and
> their signatures from the TTL of the SOA. Until this weekend ORGs
> SOA TTL was 0, it has now been changed to 900. We will do a followup
> maintenance soon to correct the DNSKEY TTLs. I'll follow-up to the
> list when that happens.
The DNSKEY TTLs were changed yesterday, like the SOA they all now have
a TTL of 900.
dave
Afilias
More information about the dns-operations
mailing list