Kazunori Fujiwara fujiwara at
Tue Jan 25 06:45:42 UTC 2011


Why does BIND 9 set the TTL of NSEC3PARAM RR to zero ?

  dnssec-signzone sets TTL of NSEC3PARAM RR to 0.
  "update add zone 3600 IN NSEC3PARAM 1 1 10 001122334455" adds
    NSEC3PARAM RR with TTL 0.

# I know that the TTL of NSEC3PARAM RR is trivial.
# RFC 5155 describes NSEC3PARAM RR is not used for validation.
# But RFC 5155 does not describe the TTL of NSEC3PARAM RR.

I don't have any opinion and request for TTL of NSEC3PARAM.
I only want to know the reason.

LDNS and OpenDNSSEC seem to set TTL of NSEC3PARAM to 3600.


Kazunori Fujiwara, JPRS

More information about the bind-users mailing list