Re: [Opendnssec-user] [EXT] TTL values through to signed zone?

Jake Zack Tue, 03 Dec 2019 12:14:35 -0800

In /etc/opendnssec/kasp.xml, do you have a...

<TTL>PT86400S</TTL>


...inside your <zone> </zone> context?

If not, perhaps it's a default that occurs in the absence of a TTL specified 
there.

-jake
(Random list observer, not affiliated with opendnssec/nlnetlabs)

-----Original Message-----
From: Opendnssec-user <[email protected]> On Behalf 
Of Havard Eidnes
Sent: December 3, 2019 2:54 PM
To: [email protected]
Subject: [EXT] [Opendnssec-user] TTL values through to signed zone?

Hi,

with OpenDNSSEC 1.4.14, with zone transfers in + out, we've tried to publish an 
RRset with a relatively short TTL:

% dig @<hidden-master> vpn.eduvpn.uninett.no. a ...
vpn.eduvpn.uninett.no.  600     IN      A       158.38.4.11
vpn.eduvpn.uninett.no.  600     IN      A       158.38.2.19
...

However, when these records have passed through OpenDNSSEC, this gets 
transformed into

vpn.eduvpn.uninett.no.  86400   IN      A       158.38.2.19
vpn.eduvpn.uninett.no.  86400   IN      A       158.38.4.11
vpn.eduvpn.uninett.no.  86400   IN      RRSIG   A 8 4 86400 20191222101620 
20191130232045 44016 eduvpn.uninett.no. 
WLeTApQJso6WTaQgOvDZgD+Gjfrp/54I/cmre4/po2DdzfmrsLRn4Ujh 
4kodfMoRw2BZkaVCXb3IFWMm/dbkKh/FF0WYMXdHd1qheXbOlO94DMLw 
mtgApQ3UQ7JMx/dkp2mCXlHAohIhPl4hh2bPh2y6g9cT1+SK3IhtU+IY 
Wzx9GLGlNUf96OwYkKNix1Nwq2GyUZ1FQMhIAncwhkPqiA==

Why doesn't the lowered TTL survive intact in its passage through OpenDNSSEC?  
Bug?

Regards,

- Håvard
_______________________________________________
Opendnssec-user mailing list
[email protected]
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
_______________________________________________
Opendnssec-user mailing list
[email protected]
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user

Re: [Opendnssec-user] [EXT] TTL values through to signed zone?

Reply via email to