[dns-operations] Signing of the ARPA zone
João Damas
joao at bondis.org
Fri Mar 26 00:05:13 UTC 2010
On 25 Mar 2010, at 14:15, Paul Vixie wrote:
>> From: Mark Andrews <marka at isc.org>
>> Date: Fri, 26 Mar 2010 05:07:26 +1100
>>
>> The TTL will be related to the cached data under arpa. When the
>> offending data clears the cache it will correct itself. This is likely
>> to be the ttl of the DNSKEY, DS or negative DS cache entry.
>
> so, to make it happen any faster than ttl expiry,

a highly desirable feature

> the caching validator
> would have to probe the authority (with a long retry interval) to see if
> pre-expiry is warranted when validation fails in this way?
yep, there does not seem to be any other way (except perhaps keep a
closer eye on all DS RRs, even when disguised as DLV RRs, and detect
differences, but that gets ugly quickly)