Commit 4b66c0eb authored by Matthijs Mekking

Change some dnssec-policy defaults

Suggested by Tony Finch, these seem to be more reasonable defaults.
parent 0f9d45a5
Pipeline #27463 passed with stages
in 31 minutes and 17 seconds
5334. [doc] Update documentation with dnssec-policy clarifications.
Also change some defaults.
5333. [bug] Fix duration printing on Solaris when value is not
an ISO 8601 duration. [GL #1460]
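Review bot: Entry 5334 is tagged [doc], but its second sentence, "Also change some defaults.", records a behaviour change and does not say which defaults. Zones that rely on the built-in values get different key timings after an upgrade, so I would give the change its own [func] entry that names the publish and retire safety margins and the parent DS TTL, with the old and new values.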
 
......
......@@ -11146,8 +11146,8 @@ example.com CNAME rpz-tcp-only.
<para>
A margin that is added to the publish interval in key
timing equations to give some extra time to cover
unforeseen events. Default is <constant>PT5M</constant>
(5 minutes).
unforeseen events. Default is <constant>PT1H</constant>
(1 hour).
</para>
</listitem>
</varlistentry>
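Review bot: The paragraph changes the default from PT5M to PT1H but still does not tell the operator what a longer margin costs. Since the margin "is added to the publish interval", a sentence saying that a larger value lengthens that interval, and with it every rollover that uses the default, would let readers judge whether to override it.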
......@@ -11158,8 +11158,8 @@ example.com CNAME rpz-tcp-only.
<para>
A margin that is added to the retire interval in key
timing equations to give some extra time to cover
unforeseen events. Default is <constant>PT5M</constant>
(5 minutes).
unforeseen events. Default is <constant>PT1H</constant>
(1 hour).
</para>
</listitem>
</varlistentry>
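Review bot: This description differs from the publish margin paragraph by a single word ("retire" for "publish"), so the two options cannot be told apart from the text alone. Suggest stating which step of a rollover the retire interval governs, and giving the reason for one hour, since the commit message only says the new values "seem to be more reasonable".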
......@@ -11251,7 +11251,7 @@ example.com CNAME rpz-tcp-only.
<listitem>
<para>
The TTL of the DS RRset that the parent uses. Default is
<constant>PT1H</constant> (1 hour).
<constant>P1D</constant> (1 day).
</para>
</listitem>
</varlistentry>
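Review bot: "The TTL of the DS RRset that the parent uses" describes a value this server does not control, yet the paragraph gives only the new default. Add a sentence telling operators to set the option to the parent's actual DS TTL when it differs from P1D, so the default is not read as a value that is always safe.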
......
......@@ -13,7 +13,6 @@
<programlisting>
<command>dnssec-policy</command> <replaceable>string</replaceable> {
<<<<<<< HEAD
<command>dnskey-ttl</command> <replaceable>duration</replaceable>;
<command>keys</command> { ( csk | ksk | zsk ) key-directory lifetime <replaceable>duration</replaceable> algorithm <replaceable>integer</replaceable> [ <replaceable>integer</replaceable> ] ; ... };
<command>parent-ds-ttl</command> <replaceable>duration</replaceable>;
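Review bot: The header "-13,7 +13,6" drops one line, and the only plausible candidate among the visible lines is the stray "<<<<<<< HEAD" conflict marker inside the programlisting. That cleanup is unrelated to changing defaults and is not mentioned in the commit message or the CHANGES entry; I would split it into its own commit and check the rest of the file for a matching "=======" or ">>>>>>>" marker.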
......
......@@ -99,9 +99,9 @@ struct dns_kasp {
#define DNS_KASP_SIG_VALIDITY (86400*14)
#define DNS_KASP_SIG_VALIDITY_DNSKEY (86400*14)
#define DNS_KASP_KEY_TTL (3600)
#define DNS_KASP_DS_TTL (3600)
#define DNS_KASP_PUBLISH_SAFETY (300)
#define DNS_KASP_RETIRE_SAFETY (300)
#define DNS_KASP_DS_TTL (86400)
#define DNS_KASP_PUBLISH_SAFETY (3600)
#define DNS_KASP_RETIRE_SAFETY (3600)
#define DNS_KASP_ZONE_MAXTTL (86400)
#define DNS_KASP_ZONE_PROPDELAY (300)
#define DNS_KASP_PARENT_PROPDELAY (3600)
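Review bot: The three changed values (DNS_KASP_DS_TTL, DNS_KASP_PUBLISH_SAFETY, DNS_KASP_RETIRE_SAFETY) are bare second counts, while the documentation hunks state the same defaults as P1D and PT1H, so the two have to be matched by hand. A trailing comment with the duration on each define, or a product form in the style of "(86400*14)" on DNS_KASP_SIG_VALIDITY above, would make a mismatch between header and manual easier to spot in later reviews.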
......