[Pdns-users] Where does pdns takes DNSKEY TTL in live-signed mode?
Peter van Dijk
peter.van.dijk at netherlabs.nl
Mon May 20 17:52:13 UTC 2013
Hello Nikolay,
On May 20, 2013, at 16:39 , Nikolay Shaplov wrote:
> My powerdns in live-signed mode gives all DNSKEYs with TTLs 3600 and I did
> not find any option that will change it. For test purposes I have changed
> default-ttl to 3611 it affected all other records, but not DNSKEY.
>
> DNSKEY TTL value is important while rotating the keys, and I want not to loose
> control on it, but I even do not know where it is set :-)
>
> Is it hardcoded in C code?
DNSKEYs (and also NSEC, NSEC3 and NSEC3PARAM records) get the SOA default/minimum TTL.
This is the last field in a full SOA. For example:
ns1.example.com. ahu.example.com. 2013051701 28800 7200 604800 86411
yields
example.com. 86411 IN DNSKEY 257 3 8 AwEAAY/SfP...
Kind regards,
--
Peter van Dijk
Netherlabs Computer Consulting BV - http://www.netherlabs.nl/
More information about the Pdns-users
mailing list