[Pdns-users] Where does pdns takes DNSKEY TTL in live-signed mode?

Peter van Dijk peter.van.dijk at netherlabs.nl
Mon May 20 17:52:13 UTC 2013

Hello Nikolay,

On May 20, 2013, at 16:39 , Nikolay Shaplov wrote:

> My powerdns  in live-signed mode gives all DNSKEYs with TTLs 3600 and I did 
> not find any option that will change it. For test purposes I have changed 
> default-ttl to 3611 it affected all other records, but not DNSKEY.
> DNSKEY TTL value is important while rotating the keys, and I want not to loose 
> control on it, but I even do not know where it is set :-)
> Is it hardcoded in C code?

DNSKEYs (and also NSEC, NSEC3 and NSEC3PARAM records) get the SOA default/minimum TTL.
This is the last field in a full SOA. For example:
  ns1.example.com. ahu.example.com. 2013051701 28800 7200 604800 86411


example.com.		86411	IN	DNSKEY	257 3 8 AwEAAY/SfP...

Kind regards,
Peter van Dijk
Netherlabs Computer Consulting BV - http://www.netherlabs.nl/

More information about the Pdns-users mailing list