Hello,
I use BIND 9.9.5 with inline-signing and noticed that the NSEC records
have different TTLs. I can't really explain why there is a difference.
A few of the NSEC records have TTL 300 which is my SOA minimum
(negative) TTL. This should be fine in regard to RFC4035 which states
that every NSEC record SHOULD have the same TTL as the SOA minimum
TTL.
The majority of the NSEC records however have a TTL of 3600 which is
my standard $TTL setting for this zone.
Any idea why BIND has different TTLs for different NSEC records? I
can't find a pattern.
Regards
Sebastian
--
GPG Key: 0x93A0B9CE (F4F6 B1A3 866B 26E9 450A 9D82 58A2 D94A 93A0 B9CE)
'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE SCYTHE.
-- Terry Pratchett, The Fifth Elephant
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
