Hello,

A while back, I tried to set a TTL to 300, for quickly swapping a web server from an old location to a new one. I was surprised to see that OpenDNSSEC signed the record but set the TTL to 7200. On another OpenDNSSEC system, we found that that system's MX record's TTL was not changed, but an A or AAAA record's was.

What is the *reason* behind setting a higher TTL? Is it to offload the name servers and caches? I would assume that this can be left to the administrator of the zone, i.o.w. that the TTL from the unsigned zone could be replicated? Note that I am not saying anything about signature validity -- as long as the TTL is the same on the record and signature, that oughtn't give a problem -- right?

What is the *logic* that is used to change the TTL? I mean, with possibly different treatment of MX and A/AAAA records, I find it hard to see what is done in general.

Thanks,
-Rick
