nsupdate, dnssec, minimum ttl

Casey Deccio casey at deccio.net
Thu Jun 17 19:26:12 UTC 2010


 On Thu, Jun 17, 2010 at 12:10 PM, Eric Ham <ericham at usc.edu> wrote:
>
> It would appear that the NSEC and RRSIG NSEC TTLs are set to my example.com zone's minimum TTL which is 86400 instead of inheriting the TTL I set of 7200.
>

>From RFC 4034 (section 4):

   The NSEC RR SHOULD have the same TTL value as the SOA minimum TTL
   field.  This is in the spirit of negative caching ([RFC 2308]).

Regards,
Casey



More information about the bind-users mailing list