Change NSEC3PARAM TTL from 0 to non-zero

Low TTLs are more susceptible for attacks, and adversaries can abuse zero-TTL records in their attack. Change NSEC3PARAM TTL to something non-zero (value TBD).

Change the default value of the NSEC3PARAM TTL
Make nsec3param TTL configurable in the dnssec-policy

Edited Oct 12, 2022 by Matthijs Mekking

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information