Implement draft-vandijk-dnsop-nsec-ttl

Matthijs Mekking requested to merge 2347-draft-vandijk-dnsop-nsec-ttl into main

The draft says that the NSEC(3) TTL must have the same TTL value as the minimum of the SOA MINIMUM field and the SOA TTL. This was always the intended behaviour.

Update the zone structure to also track the SOA TTL. Whenever we use the MINIMUM value to determine the NSEC(3) TTL, use the minimum of MINIMUM and SOA TTL instead.

There is no specific test for this; however, two tests need adjusting because otherwise they fail: they were testing for NSEC3 records including the TTL. Update these checks to use 600 (the SOA TTL), rather than 3600 (the SOA MINIMUM).

Closes #2347 (closed)

Edited by Matthijs Mekking
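
An added example, not part of the merge request or of BIND's code: a check that audits a signed zone for the rule described above, flagging any NSEC or NSEC3 record whose TTL differs from the minimum of the SOA TTL and the SOA MINIMUM field. It assumes fully expanded presentation-format input (one record per line, explicit numeric TTL and class, as `dig` prints it); the zone data and function names are constructed for illustration.

```python
# Constructed sample zone data (not taken from the merge request).
# The SOA TTL is 600 and the SOA MINIMUM (last rdata field) is 3600.
SAMPLE = """\
; constructed example zone
example.   600  IN SOA  ns1.example. admin.example. 1 7200 900 1209600 3600
example.   600  IN NSEC a.example. NS SOA RRSIG NSEC DNSKEY
a.example. 3600 IN NSEC example. A RRSIG NSEC
a.example. 300  IN A    192.0.2.1
"""

DENIAL_TYPES = {"NSEC", "NSEC3"}


def parse_rr(line):
    """Split 'owner ttl class type rdata...' into (owner, ttl, type, rdata)."""
    owner, ttl, _rrclass, rtype, *rdata = line.split()
    return owner, int(ttl), rtype.upper(), rdata


def expected_nsec_ttl(records):
    """Return min(SOA TTL, SOA MINIMUM) for the single SOA in the zone."""
    soas = [r for r in records if r[2] == "SOA"]
    if len(soas) != 1:
        raise ValueError("expected exactly one SOA record, found %d" % len(soas))
    _owner, soa_ttl, _rtype, rdata = soas[0]
    if len(rdata) != 7:
        raise ValueError("SOA rdata must have 7 fields")
    soa_minimum = int(rdata[6])  # MINIMUM is the seventh SOA field
    return min(soa_ttl, soa_minimum)


def audit(zone_text):
    """Return (expected TTL, list of (owner, type, ttl) that do not match)."""
    lines = [l for l in zone_text.splitlines()
             if l.strip() and not l.lstrip().startswith(";")]
    records = [parse_rr(l) for l in lines]
    want = expected_nsec_ttl(records)
    bad = [(owner, rtype, ttl) for owner, ttl, rtype, _rdata in records
           if rtype in DENIAL_TYPES and ttl != want]
    return want, bad


if __name__ == "__main__":
    want, bad = audit(SAMPLE)
    print("expected NSEC(3) TTL:", want)
    for owner, rtype, ttl in bad:
        print("mismatch: %s %s has TTL %d" % (owner, rtype, ttl))
```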