From: Pieter Lexis Date: Fri, 11 Dec 2015 17:13:42 +0000 (+0100) Subject: docs: add note on TTL for DNSSEC RRs. Closes #2195 X-Git-Tag: dnsdist-1.0.0-alpha1~61^2~7 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=22a0ddb2d9da6101fe994cc0a2b3d5eb34c9bec7;p=thirdparty%2Fpdns.git docs: add note on TTL for DNSSEC RRs. Closes #2195 --- diff --git a/docs/markdown/authoritative/dnssec.md b/docs/markdown/authoritative/dnssec.md index 9fd03ae7b9..dd82cf938f 100644 --- a/docs/markdown/authoritative/dnssec.md +++ b/docs/markdown/authoritative/dnssec.md @@ -201,6 +201,10 @@ Precisely speaking, the time period used is always from the start of the previou **Note**: Why Thursday? POSIX-based operating systems count the time since GMT midnight January 1st of 1970, which was a Thursday. PowerDNS inception/expiration times are generated based on an integral number of weeks having passed since the start of the 'epoch'. +PowerDNS also serves the DNSKEY records in live-signing mode. Their TTL is derived +from the SOA records *minimum* field. When using NSEC3, the TTL of the NSEC3PARAM +record is also derived from that field. + # `pdnsutil` `pdnsutil` (previously called `pdnssec`) is a powerful command that is the operator-friendly gateway into PowerDNSSEC configuration. Behind the scenes, `pdnsutil` manipulates a PowerDNS backend database, which also means that for many databases, `pdnsutil` can be run remotely, and can configure key material on different servers.