inconsistent nsec3 ttl over different servers #559

Closed
Habbie opened this Issue Apr 26, 2013 · 2 comments

Projects

None yet

1 participant

@Habbie
Member
Habbie commented Apr 26, 2013

If there are different ttl values for the same hostname the ttl of a generate NSEC3 records is based on the last record in the database.

This may lead to inconsistent responses over different servers.

The RFC's recommend the SOA minimum ttl since the generated NSECx record are used for negative caching

@Habbie Habbie was assigned Apr 26, 2013
@Habbie Habbie closed this Apr 26, 2013
@Habbie
Member
Habbie commented Apr 26, 2013

Attachment '' (pdns-3.1-nsec3-ttl.patch) https://gist.github.com/5466787

@Habbie
Member
Habbie commented Apr 26, 2013

Author: peter
I believe this was fixed in r2709 or surrounding commits. Thank you for your work on this!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment