BIND 10 #152: Xfrin changes TTL for RRSIGs
BIND 10 Development
do-not-reply at isc.org
Tue Apr 20 07:05:55 UTC 2010
#152: Xfrin changes TTL for RRSIGs
--------------------------+-------------------------------------------------
Reporter: jreed | Owner:
Type: defect | Status: new
Priority: major | Milestone:
Component: Unclassified | Resolution:
Keywords: | Sensitive: 0
--------------------------+-------------------------------------------------
Comment(by jinmei):
Replying to [ticket:152 jreed]:
> I used Xfrin retransfer to load a zone. The RRSIG and NSEC records TTLs
on master are 90. The SOA minumum is 65. The RRSIG and NSEC records on
slave became 65.
>
> I understand this may be correct for NSEC. BIND 9 has same behaviour.
>
> But all the RRSIG (even for signing non-NSEC records) got changed to 65
TTL too. That is not same behaviour I see in BIND 9.4.3-P3
> (I need to upgrade that master).
I can't reproduce this behavior.
I transferred my personal zone, jinmei.org, from 149.20.54.162, and asked
the local bind10 secondary server for jinmei.org/SOA with +dnssec, I got:
{{{
;; ANSWER SECTION:
jinmei.org. 86400 IN SOA ns.jinmei.org.
jinmei.kame.net. 2010040601 7200 3600 2592000 1200
jinmei.org. 86400 IN RRSIG SOA 5 2 86400
20100506224137 20100406224137 14331 jinmei.org. [sig]
}}}
Note that SOA minimum is 1200 and the TTL of the RRSIG is 86400.
I don't restrict zone transfer for my zone, so you can try it yourself.
--
Ticket URL: <http://bind10.isc.org/ticket/152#comment:1>
BIND 10 Development <http://bind10.isc.org>
BIND 10 Development
More information about the bind10-tickets
mailing list