Hi, Dne 19.12.2013 11:27, Matthijs Mekking napsal(a): > Something like that is not possible: All NSEC3 records TTL will be set > to SOA minimum value without exceptions. But if you only going to change > the record (not removing or adding names), you don't need to worry about > the NSEC3 records TTL. > > I think you can just lower the TTL in the unsigned zone of the specific > domain name before changing the IP address.
If I change the TTL to lower value than Minimum TTL in KASP, it is clamped during the signing to the minimum TTL value. So I have to edit KASP to lower minimum TTL and resign the zone. After changing back to normal TTL, I should probably edit KASP again and set minimum TTL back to some reasonable value. There should be a better way to do that. -- Ondřej Caletka
smime.p7s
Description: Elektronicky podpis S/MIME
_______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
