[dns-operations] Org Dnskey TTL

Mark Andrews marka at isc.org
Tue Apr 20 11:38:18 UTC 2010


In message <Prayer.1.3.2.1004201112200.24114 at hermes-2.csi.cam.ac.uk>,
Chris Thompson writes:
> On Apr 20 2010, Doug Barton wrote:
> 
> >On 4/19/2010 7:53 AM, Chris Thompson wrote:
> >
> >>   org.      900  (15m)
> >
> >> It would seem that the variation is rather extreme, and has little to
> >> do with individual key rollover policies.
> >
> >Sorry if this is a silly question, but is there an operational problem
> >that you've observed as a result of this TTL?
> 
> Obviously, it means that DNSKEY records are fetched more often than they
> should need to be. But no, I can't say that it causes any significant
> operational problem so far. Maybe when more *.org zones are signed?

No.  The fetching of DNSKEY is unrelated to the number of child
zones that are signed.  The DNSKEY is used to verify the contents
of the ORG zone, not its children.
 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org


