[dns-operations] Org Dnskey TTL

Phil Regnauld regnauld at nsrc.org
Tue Apr 20 13:45:10 UTC 2010

Andrew Sullivan (ajs) writes:
> On Tue, Apr 20, 2010 at 09:38:18PM +1000, Mark Andrews wrote:
> > No.  The fetching of DNSKEY is unrelated to the number of child
> > zone that are signed.  The DNSKEY is used to verify the contents
> > of the ORG zone not its children.
> Except that, of course, if you're validating your way up the chain you
> will validate .org more often as more zones inside it are signed, no?

	That's a valid observation of the popularity of a given zone, but not to
	be confused with a protocol requirement.


More information about the dns-operations mailing list