Hi,

Funny. The TTL for NSEC3PARAM was 0 in a very early version of OpenDNSSEC. However, it does not matter what the TTL is: according to RFC 5155 the record is not used by validators or resolvers. The standard also does not dictate any values for the NSEC3PARAM TTL, so we decided to follow the normal TTL rules.

Best regards,
Matthijs

On 09/12/2012 11:32 PM, Paul Wouters wrote:
>
> Hi,
>
> I've almost reached the point where verification of an opendnssec
> and bind signed zone files are identical (after ldns-read-zone -0
> to strip out RRSIG and jitter)
>
> In bind, the NSEC3PARAM has a TTL of 0. In opendnssec, it gets the
> default ttl, in my case 3600.
>
> Since this record is kind of special, I think I agree with bind
> that we should not store it in any caches anywhere, and so a TTL=0
> seems to be the right value. I've attached a patch for this in
> opendnssec.
>
> Paul
>
> _______________________________________________
> Opendnssec-user mailing list
> [email protected]
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
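
The zone comparison discussed in this thread, as an added example that is not part of the original messages or of either project's code: it compares two signed zones, skips RRSIG records, and reports an NSEC3PARAM that differs only in TTL separately from real differences. The names `parse_records` and `compare_zones` are hypothetical, the sample zones are constructed, and each record is assumed to sit on one line with owner, TTL and class spelled out.

```python
from collections import Counter

# Constructed sample zones, one record per line: owner TTL class type rdata.
SOA = "example.com. 3600 IN SOA ns1.example.com. host.example.com. 1 7200 3600 1209600 3600\n"
ZONE_A = SOA + """\
example.com. 3600 IN NS ns1.example.com.
example.com. 0 IN NSEC3PARAM 1 0 5 aabbccdd
example.com. 3600 IN RRSIG NS 8 2 3600 20121012000000 20120912000000 12345 example.com. c2lnLWE=
"""
ZONE_B = SOA + """\
example.com. 3600 IN NS ns1.example.com.
example.com. 3600 IN NSEC3PARAM 1 0 5 aabbccdd
example.com. 3600 IN RRSIG NS 8 2 3600 20121011000000 20120911000000 12345 example.com. c2lnLWI=
"""

def parse_records(text):
    """Return (owner, ttl, type, rdata) tuples; RRSIGs are skipped."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        owner, ttl, _cls, rtype, rdata = line.split(None, 4)
        if rtype.upper() == "RRSIG":
            continue  # signatures always differ between two signers
        records.append((owner.lower(), int(ttl), rtype.upper(), " ".join(rdata.split())))
    return records

def compare_zones(a_text, b_text):
    """Return (NSEC3PARAM TTL-only differences, all other differences)."""
    a, b = Counter(parse_records(a_text)), Counter(parse_records(b_text))
    only_a, only_b = list((a - b).elements()), list((b - a).elements())
    ttl_only, other = [], []
    for rec in only_a:
        owner, ttl, rtype, rdata = rec
        # A record in the second zone that matches in everything but the TTL.
        twin = next((r for r in only_b if rtype == "NSEC3PARAM"
                     and (r[0], r[2], r[3]) == (owner, rtype, rdata)), None)
        if twin is not None:
            only_b.remove(twin)
            ttl_only.append((owner, ttl, twin[1]))
        else:
            other.append(("first", rec))
    other.extend(("second", rec) for rec in only_b)
    return ttl_only, other

if __name__ == "__main__":
    ttl_only, other = compare_zones(ZONE_A, ZONE_B)
    print("NSEC3PARAM TTL-only differences:", ttl_only)
    print("other differences:", other)
```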
