[ldns-users] NSEC3PARAM added by ldns-signzone

Michael J. Sheldon msheldon at godaddy.com
Fri Nov 13 15:16:56 UTC 2015


From looking at the code, the NSEC3PARAM record is created in ldns_dnssec_zone_sign_nsec3_flg_mkmap, and does not explicitly set the TTL, which is set from ldns_rr_new_frm_type, which uses LDNS_DEFAULT_TTL, which is 3600.

This is different from the NSEC3 records, which are created using the SOA Minimum field for the TTL.

Not sure if it will work with the command line app, but ldns_dnssec_zone_sign_nsec3_flg_mkmap will leave an existing NSEC3PARAM alone instead of creating a new one, so you could try that. Just be sure the parameters in the record match those you pass to ldns-signzone.

Michael Sheldon
Dev-DNS Services
GoDaddy.com

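As an added example, not code from the thread or from ldns: a small Python check over a constructed signed-zone sample that flags NSEC3 and NSEC3PARAM records whose TTL differs from the SOA minimum (the 3600 default described above), and verifies that a pre-existing NSEC3PARAM matches the iterations and salt you intend to pass to ldns-signzone before relying on it being left alone. The zone name, owner hashes and salt are constructed; the SHA-1 hash algorithm number 1 is an assumption.

```python
from dataclasses import dataclass

# Constructed sample of a signed zone (not real data): the NSEC3PARAM carries
# the 3600 s TTL that ldns_rr_new_frm_type assigns by default, while the NSEC3
# records inherit the SOA minimum (300 s), as the thread describes.
SAMPLE_ZONE = """\
example.test. 300 IN SOA ns1.example.test. hostmaster.example.test. 2015110801 7200 3600 1209600 300
example.test. 3600 IN NSEC3PARAM 1 0 10 ABCDEF
abcd1234.example.test. 300 IN NSEC3 1 0 10 ABCDEF EFGH5678 A NS SOA RRSIG DNSKEY NSEC3PARAM
efgh5678.example.test. 300 IN NSEC3 1 0 10 ABCDEF ABCD1234 A RRSIG
"""

@dataclass
class RR:
    name: str
    ttl: int
    rtype: str
    rdata: list

def parse_zone(text):
    """Parse one-record-per-line presentation format (explicit TTL and class,
    no $TTL/$ORIGIN directives, no multi-line parentheses)."""
    rrs = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith(";"):
            continue
        name, ttl, _cls, rtype, *rdata = fields
        rrs.append(RR(name, int(ttl), rtype, rdata))
    return rrs

def soa_minimum(rrs):
    """SOA rdata is mname rname serial refresh retry expire minimum."""
    soa = next(rr for rr in rrs if rr.rtype == "SOA")
    return int(soa.rdata[6])

def check_nsec3_ttls(text):
    """Return (owner, type, ttl) for NSEC3/NSEC3PARAM records whose TTL
    differs from the SOA minimum, i.e. the inconsistency ldns-signzone 1.6.17
    produces for the NSEC3PARAM it creates itself."""
    rrs = parse_zone(text)
    minimum = soa_minimum(rrs)
    return [(rr.name, rr.rtype, rr.ttl) for rr in rrs
            if rr.rtype in ("NSEC3", "NSEC3PARAM") and rr.ttl != minimum]

def nsec3param_matches(text, iterations, salt, hash_alg=1):
    """True when the zone's existing NSEC3PARAM has the hash algorithm,
    iterations (-t) and salt (-s) you would hand to ldns-signzone."""
    for rr in parse_zone(text):
        if rr.rtype == "NSEC3PARAM":
            alg, _flags, iters, s = rr.rdata[:4]
            return (int(alg) == hash_alg and int(iters) == iterations
                    and s.upper() == salt.upper())
    return False  # no NSEC3PARAM present: signzone will create one
```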
________________________________________
From: ldns-users <ldns-users-bounces at open.nlnetlabs.nl> on behalf of A. Schulze <sca at andreasschulze.de>
Sent: Sunday, November 8, 2015 14:22
To: ldns-users at open.nlnetlabs.nl
Subject: [ldns-users] NSEC3PARAM added by ldns-signzone

Hello,

The NSEC3PARAM added by ldns-signzone -n -s $salt -t $num_iterations
always has a TTL of 1h.
Is it possible / useful to set the TTL?

( ldns-1.6.17 )

Andreas
