[ Quoting <[email protected]> at 11:34 on Mar 3 in "[Opendnssec-user] Pa..." ] > [visser@cajones ~]$ dig @a0.org.afilias-nst.info. org soa +noall +answer > > ; <<>> DiG 9.7.0-P1 <<>> @a0.org.afilias-nst.info. org soa +noall +answer > ; (2 servers found) > ;; global options: +cmd > org. 900 IN SOA > a0.org.afilias-nst.info. noc.afilias-nst.info. 2009978691 1800 900 > 604800 86400 > > So, TTL is 900, and Minimum is 86400 - right?
yes. > If I understand correctly, this value is important in case you screw > up things, because the higher this is, the longer it will take before > it expires from nameservers yes. > Now only left is the <PropagationDelay>, which is "the interval > between the time a new KSK is published in the zone and the time that > the DS record appears in the parent zone". I think this is used when you want a automatic KSK rollover (but I'm not completely sure about that). > I'm not sure why this is needed? Aren't you supposed to manually tell > that the DS is "seen"? Then you are using a manual KSK rollover procedure. grtz Miek
signature.asc
Description: Digital signature
_______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
