On 04-05-12 10:46, Sander Smeenk wrote:
> OHAI GUISE!
>
> I'm about to put OpenDNSSEC in a production environment and was about
> finalising the policy configuration. I have always wondered how to
> correctly configure the <Parent>-section in the KASP.
>
> Where do I get those timings from exactly? It seems this information is
> not widespread or easily available. Can I just derive them from DNS
> queries?
>
> For example, for SIDN's .nl ccTLD I would derive from DNS:
>
> <PropagationDelay>: PT7200S
> <DS><TTL>: PT7200S
> <SOA><TTL>: PT7200S
> <SOA><Minimum>: PT900S
>
> Is it safe to make these assumptions? Sticking with the defaults seems
> safe but also seems to 'delay' the DNSSEC process unnecessarily. ;)
>
SIDN has put a DNSSEC policy document online [1] which contains most
values that you need. I guess most other TLDs do the same (didn't deal
with those yet)?

[1] https://www.sidn.nl/over-nl/dnssec/policy-and-practice/

--
Regards,
Tom
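
Added example (not part of either message, and not OpenDNSSEC code): a sketch of the mapping the question proposes, from a parent-side DS record and the parent zone's SOA record to the KASP <Parent> elements. The record lines are constructed samples and the function names are hypothetical. PropagationDelay is passed in as a parameter because it is not a field of any DNS record; it has to come from a source such as the registry's policy document.

```python
import xml.etree.ElementTree as ET

# Constructed sample answers in dig's presentation format (not captured from
# the real .nl zone); the TTLs mirror the values quoted in the question.
SAMPLE_DS = "example.nl. 7200 IN DS 12345 8 2 0123ABCD"
SAMPLE_SOA = ("nl. 7200 IN SOA ns.example.nl. hostmaster.example.nl. "
              "2012050400 3600 600 2419200 900")

def parse_rr(line, rrtype):
    """Return (ttl, rdata_fields) for one resource record line of rrtype."""
    fields = line.split()
    if len(fields) < 5 or fields[2].upper() != "IN" or fields[3].upper() != rrtype:
        raise ValueError(f"not an IN {rrtype} record: {line!r}")
    if not fields[1].isdigit():
        raise ValueError(f"TTL is not an integer: {fields[1]!r}")
    return int(fields[1]), fields[4:]

def iso_seconds(n):
    """Format seconds the way the question writes them, e.g. PT7200S."""
    return f"PT{n}S"

def parent_section(ds_line, soa_line, propagation_delay):
    """Build a KASP <Parent> element from parent-side DS and SOA records.

    propagation_delay (seconds) is supplied by the caller: it is an
    assumption taken from outside DNS, not something parsed from a record.
    """
    ds_ttl, _ = parse_rr(ds_line, "DS")
    soa_ttl, soa_rdata = parse_rr(soa_line, "SOA")
    if len(soa_rdata) != 7:
        raise ValueError("SOA rdata must have 7 fields")
    minimum = int(soa_rdata[6])  # last SOA field: negative-caching TTL
    parent = ET.Element("Parent")
    ET.SubElement(parent, "PropagationDelay").text = iso_seconds(propagation_delay)
    ds = ET.SubElement(parent, "DS")
    ET.SubElement(ds, "TTL").text = iso_seconds(ds_ttl)
    soa = ET.SubElement(parent, "SOA")
    ET.SubElement(soa, "TTL").text = iso_seconds(soa_ttl)
    ET.SubElement(soa, "Minimum").text = iso_seconds(minimum)
    return parent

if __name__ == "__main__":
    # 7200 s is the value guessed in the question, not a measured delay.
    element = parent_section(SAMPLE_DS, SAMPLE_SOA, 7200)
    ET.indent(element)
    print(ET.tostring(element, encoding="unicode"))
```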
