In message <caoj-cljgjtj_qm2pnfi3iv_0zzfxesnk9upuahhr-sukahr...@mail.gmail.com>, GS Bryan writes:
> Hmm... so what tool adds the DS key? I never use the dnssec-signzone
> tool, so that's not it right? What I want is for the DS record to have its
> TTL the same as the rest of the zone entries.
> --
> Bryan S.G.

I don't know what tool you used. If you are maintaining the records
by hand then you probably cut-and-pasted the records along with an
explicit TTL. If you used nsupdate then the TTL was specified in
the update request.

Mark

> On Thu, Aug 9, 2012 at 1:26 PM, Mark Andrews <ma...@isc.org> wrote:
> >
> > In message <CAEKtLiSEAkw-XskaeTgd7twkXUaxrkywYAkyBg2DE_16tRv61Q@mail.gmail.com>
> > , Casey Deccio writes:
> >>
> >> On Wed, Aug 8, 2012 at 9:36 AM, GS Bryan <chif...@anime.my> wrote:
> >>
> >> > My question is how can I control the TTL of the DS record inserted into a
> >> > signed zone via inline signing? I'm using BIND 9.9.1 P2.
> >> >
> >> > My zone file has a default TTL of 3600 a.k.a. 1 hour, but it seems the 2
> >> > DS records put into the signed version of the zone have the TTL of 1 day. I
> >> > would like that the zone default TTL be obeyed when the DS records are
> >> > being inserted during inline signing.
> >> >
> >>
> >> I don't know about BIND's default behavior for DS TTL or its options for
> >> customizing the TTL, but according to RFC 4035 (Section 2.4):
> >>
> >>    The TTL of a DS RRset SHOULD match the TTL of the delegating NS RRset
> >>    (that is, the NS RRset from the same zone containing the DS RRset).
> >>
> >> Casey
> >
> > Named doesn't add DS records as part of the inline signing process.
> >
> > You need to look at the tool used to add the DS records.
> >
> > Inline signing adds DNSKEY, NSEC, NSEC3 and NSEC3PARAM records. DS
> > is just data as far as inline signing is concerned.
> >
> > --
> > Mark Andrews, ISC
> > 1 Seymour St., Dundas Valley, NSW 2117, Australia
> > PHONE: +61 2 9871 4742                 INTERNET: ma...@isc.org
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: ma...@isc.org
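
A check for the RFC 4035 Section 2.4 recommendation quoted in the thread, as an added example that is not part of the original messages or of BIND. It assumes fully expanded "owner TTL class type rdata" lines, the shape `dig AXFR` prints; the zone names, records and the function names `parse_records` and `ds_ttl_mismatches` are constructed for illustration.

```python
from collections import defaultdict

SAMPLE_ZONE = """\
; constructed records, not taken from the thread
example.test.       3600  IN NS ns1.example.test.
child.example.test. 3600  IN NS ns1.child.example.test.
child.example.test. 86400 IN DS 12345 8 2 (constructed-digest)
child.example.test. 86400 IN DS 12345 8 1 (constructed-digest)
ok.example.test.    3600  IN NS ns1.ok.example.test.
ok.example.test.    3600  IN DS 54321 8 2 (constructed-digest)
"""

def parse_records(text):
    """Yield (owner, ttl, rtype) from 'owner TTL class type rdata' lines."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0].strip()   # drop zone-file comments
        if not line:
            continue
        fields = line.split(None, 4)
        if len(fields) < 5 or not fields[1].isdigit():
            raise ValueError(f"line {lineno}: expected owner TTL class type rdata")
        owner, ttl, _klass, rtype = fields[:4]
        yield owner.lower(), int(ttl), rtype.upper()

def ds_ttl_mismatches(text):
    """Return [(owner, ds_ttls, ns_ttls)] where DS and NS TTLs differ."""
    ttls = defaultdict(set)                   # (owner, type) -> TTLs seen
    for owner, ttl, rtype in parse_records(text):
        if rtype in ("DS", "NS"):
            ttls[(owner, rtype)].add(ttl)
    problems = []
    for (owner, rtype), ds in sorted(ttls.items()):
        if rtype != "DS":
            continue
        ns = ttls.get((owner, "NS"), set())   # empty set: DS without an NS RRset
        if ds != ns:
            problems.append((owner, sorted(ds), sorted(ns)))
    return problems

if __name__ == "__main__":
    for owner, ds, ns in ds_ttl_mismatches(SAMPLE_ZONE):
        print(f"{owner}: DS TTL {ds} != NS TTL {ns or 'no NS RRset'}")
```

The sample mirrors the situation in the thread: NS records at the 3600-second zone default and DS records entered with an explicit one-day TTL.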