Sorry for hammering the list on the weekend, but I just want to make sure I get things right ;-) According to https://wiki.opendnssec.org/display/DOCS/kasp.xml#kaspxml-ParentZoneInformation, "timing information about the parent zone must be configured in the <Parent> section". My domain sits in .org, so this means that I should pick some values from .org. I start by asking one of the .org nameserers:
[visser@cajones ~]$ dig @a0.org.afilias-nst.info. org soa +noall +answer ; <<>> DiG 9.7.0-P1 <<>> @a0.org.afilias-nst.info. org soa +noall +answer ; (2 servers found) ;; global options: +cmd org. 900 IN SOA a0.org.afilias-nst.info. noc.afilias-nst.info. 2009978691 1800 900 604800 86400 So, TTL is 900, and Minimum is 86400 - right? As mentioned earlier, the TTL of the DS seems to be at least 86400 when I use GKG.net, so that's what I'll use. If I understand correctly, this value is important in case you screw up things, because the higher this is, the longer it will take before it expires from nameservers Now only left is the <PropagationDelay>, which is "the interval between the time a new KSK is published in the zone and the time that the DS record appears in the parent zone". I'm not sure why this is needed? Aren't you supposed to manually tell that the DS is "seen"? THanks!! -- Dick Visser System & Networking Engineer TERENA Secretariat Singel 468 D, 1017 AW Amsterdam The Netherlands _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
