mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-09-01 06:55:30 +00:00

Change some dnssec-policy defaults

Suggested by Tony Finch, these seem to be more reasonable defaults.
Matthijs Mekking
2019-12-05 12:17:19 +01:00
parent 0f9d45a5b8
commit 4b66c0ebf4
4 changed files with 11 additions and 9 deletions


@@ -1,3 +1,6 @@
5334. [doc] Update documentation with dnssec-policy clarifications.
Also change some defaults.
5333. [bug] Fix duration printing on Solaris when value is not 5333. [bug] Fix duration printing on Solaris when value is not
an ISO 8601 duration. [GL #1460] an ISO 8601 duration. [GL #1460]


@@ -11146,8 +11146,8 @@ example.com CNAME rpz-tcp-only.
<para> <para>
A margin that is added to the publish interval in key A margin that is added to the publish interval in key
timing equations to give some extra time to cover timing equations to give some extra time to cover
unforeseen events. Default is <constant>PT5M</constant> unforeseen events. Default is <constant>PT1H</constant>
(5 minutes). (1 hour).
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@@ -11158,8 +11158,8 @@ example.com CNAME rpz-tcp-only.
<para> <para>
A margin that is added to the retire interval in key A margin that is added to the retire interval in key
timing equations to give some extra time to cover timing equations to give some extra time to cover
unforeseen events. Default is <constant>PT5M</constant> unforeseen events. Default is <constant>PT1H</constant>
(5 minutes). (1 hour).
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@@ -11251,7 +11251,7 @@ example.com CNAME rpz-tcp-only.
<listitem> <listitem>
<para> <para>
The TTL of the DS RRset that the parent uses. Default is The TTL of the DS RRset that the parent uses. Default is
<constant>PT1H</constant> (1 hour). <constant>P1D</constant> (1 day).
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>


@@ -13,7 +13,6 @@
<programlisting> <programlisting>
<command>dnssec-policy</command> <replaceable>string</replaceable> { <command>dnssec-policy</command> <replaceable>string</replaceable> {
<<<<<<< HEAD
<command>dnskey-ttl</command> <replaceable>duration</replaceable>; <command>dnskey-ttl</command> <replaceable>duration</replaceable>;
<command>keys</command> { ( csk | ksk | zsk ) key-directory lifetime <replaceable>duration</replaceable> algorithm <replaceable>integer</replaceable> [ <replaceable>integer</replaceable> ] ; ... }; <command>keys</command> { ( csk | ksk | zsk ) key-directory lifetime <replaceable>duration</replaceable> algorithm <replaceable>integer</replaceable> [ <replaceable>integer</replaceable> ] ; ... };
<command>parent-ds-ttl</command> <replaceable>duration</replaceable>; <command>parent-ds-ttl</command> <replaceable>duration</replaceable>;


@@ -99,9 +99,9 @@ struct dns_kasp {
#define DNS_KASP_SIG_VALIDITY (86400*14) #define DNS_KASP_SIG_VALIDITY (86400*14)
#define DNS_KASP_SIG_VALIDITY_DNSKEY (86400*14) #define DNS_KASP_SIG_VALIDITY_DNSKEY (86400*14)
#define DNS_KASP_KEY_TTL (3600) #define DNS_KASP_KEY_TTL (3600)
#define DNS_KASP_DS_TTL (3600) #define DNS_KASP_DS_TTL (86400)
#define DNS_KASP_PUBLISH_SAFETY (300) #define DNS_KASP_PUBLISH_SAFETY (3600)
#define DNS_KASP_RETIRE_SAFETY (300) #define DNS_KASP_RETIRE_SAFETY (3600)
#define DNS_KASP_ZONE_MAXTTL (86400) #define DNS_KASP_ZONE_MAXTTL (86400)
#define DNS_KASP_ZONE_PROPDELAY (300) #define DNS_KASP_ZONE_PROPDELAY (300)
#define DNS_KASP_PARENT_PROPDELAY (3600) #define DNS_KASP_PARENT_PROPDELAY (3600)
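Review bot: The three changed defaults (`DNS_KASP_DS_TTL`, `DNS_KASP_PUBLISH_SAFETY`, `DNS_KASP_RETIRE_SAFETY`) are bare second counts with nothing tying them to the ISO 8601 values in the manual, which this commit has to edit separately to keep in agreement. A comment above the block such as `/* Defaults in seconds; keep in sync with the dnssec-policy defaults in the manual. */` would make that coupling visible to the next person who changes one side. `DNS_KASP_DS_TTL` also differs in kind from its neighbours: it is an assumption about the parent zone rather than a value this server sets. If the parent's real DS TTL is longer than the assumed one, a rollover can retire a key while validators still cache a DS that points at it, so a note like `/* assumed TTL of the parent's DS RRset; override with parent-ds-ttl */` next to it would help. The run of defines appears to start and end outside this hunk.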