Hi,

I was just wondering about the TTL of RRSIGs. Say I have my ZSK rollover set for every 30 days. If I add a record with a 10-week TTL (yes, that's a bit stupid, but for the sake of the argument), its RRSIG will also have a 10-week TTL, and will still be alive in a cache somewhere long after the ZSK is gone and buried.
So, is it a bad thing, and RRSIGs should not have their TTL set to more than X, or am I overthinking it, and we don't care because the cache would have verified that the RRSIG is authentic when getting it, and the fact that the key it’s referencing is not there any more is not important?

--
Mathieu Arnold