Duh...silly mistake...I did a DIG on the NS record..Once the DS record is removed DNS queries should work fine right? Thanks Bill.
-----Original Message----- From: Bill Owens [mailto:ow...@nysernet.org] Sent: Tuesday, January 07, 2014 11:28 AM To: Eric Davis Cc: bind-users@lists.isc.org Subject: Re: Disable DNSSEC On Tue, Jan 07, 2014 at 04:24:31PM +0000, Eric Davis wrote: > So I guess my DS record has the same TTL as my default TTL for my records? > My default is 8 hours, so if I wait 8 hours after I remove the DS from my > parent zone then I should be ok? My parent zone is a TLD(.edu). The DS record is in the parent zone (.edu) and it has a one-day TTL: ;; AUTHORITY SECTION: rockefeller.edu. 172800 IN NS r2d2.rockefeller.edu. rockefeller.edu. 172800 IN NS rockyd.rockefeller.edu. rockefeller.edu. 86400 IN DS 40486 5 1 954F779D591F011288CAD43D64D96EA543E0D3E5 rockefeller.edu. 86400 IN RRSIG DS 8 2 86400 20140113054536 20140106043536 20750 edu. 0XmRgd7FPG56t7etP2dK0W9gvVVm5oJlaCXufHlWnLsPWwNcAGIEQBCp RxBicOFdPgmxvm1VV+IXq7W2qEKiFOchCgfqm9ugqQ7/DOR0DJW1edgI ZqUVLfMgp/VT1+6EXU+wGiR7D2rZs1xvyu82cMQCkBseiKVAJv2F35LK MSE= Bill. _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
