DS record TTL question.

Casey Deccio casey at deccio.net
Wed Aug 8 17:31:37 UTC 2012


On Wed, Aug 8, 2012 at 9:36 AM, GS Bryan <chifuyu at anime.my> wrote:

> My question is how can I control the TTL of the DS record inserted into a
> signed zone via inline signing? I'm using BIND 9.9.1 P2.
>
> My zone file has a default TTL of 3600 a.k.a. 1 hour, but it seems the 2
> DS records put into the signed version of the zone has the TTL of 1 day. I
> would like that the zone default TTL be obeyed when the DS records are
> being inserted during inline signing.
>

I don't know about BIND's default behavior for DS TTL or its options for
customizing the TTL, but according to RFC 4035 (Section 2.4):

The TTL of a DS RRset SHOULD match the TTL of the delegating NS RRset
   (that is, the NS RRset from the same zone containing the DS RRset).

Casey
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20120808/2afa6e29/attachment.html>


More information about the bind-users mailing list