NTA (Negative Trust Anchor) lifetime

Mukund Sivaraman muks at isc.org
Tue Feb 14 15:36:39 UTC 2017


Hi Miguel

On Tue, Feb 14, 2017 at 01:17:00PM -0200, Miguel Mucio Santos Moreira wrote:
> Hi folks
> 
> 
> I'd like to know if it's possible to use NTA (Negative Trust Anchor) in a way I can set it's lifetime as unlimited for a specific domain.
> I have a situation that will be necessary to keep this kind of configuration at least for 3 months.

RFC 7646 caps NTA lifetime to a maximum of 1 week.

You can always patch the source code if you have a need and want to
break RFC.

		Mukund
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20170214/07d7fa1b/attachment.bin>


More information about the bind-users mailing list