[Unbound-users] Unbound doesn't cache ANY query result from some DNSSEC-signed zone
paul at nohats.ca
Wed Jul 24 13:23:55 UTC 2013
On Wed, 24 Jul 2013, Matthijs Mekking wrote:
>> At nameserver-side, giving non-zero TTL for NSEC3PARAM records
>> might be an workaround against this issue.
>> Unfortunately OpenDNSSEC decided to set zero-TTL
>> to NSEC3PARAM of signing zones .
>>  https://issues.opendnssec.org/browse/OPENDNSSEC-330
> FYI: We are going back to default TTL in the upcoming patch versions for
> OpenDNSSEC 1.3 and 1.4
Please make this a configurable option. It will otherwise cause issues
for people who run/compare a dual signer setup with bind.
More information about the Unbound-users