Question about "max-zone-ttl" in dnssec-policy

Evan Hunt each at isc.org
Tue Sep 21 22:30:31 UTC 2021


On Tue, Sep 21, 2021 at 03:11:30PM +0200, Tom wrote:
> The documentation says that "any record encountered with a TTL higher 
> than max-zone-ttl is capped at the maximum permissible TTL value".
> 
> Is the documentation wrong here?

It does appear to be wrong, yes.

It also differs from the behavior of the 'max-zone-ttl' zone option, which
works by preventing a zone from loading if any TTLs exceed the maximum,
rather than loading the zone but capping the TTL values.

We should probably regularize this; it's confusing to have the same option
mean two different things (not to mention being documented to mean a third).
Thanks for bringing this to our attention. I've created issue #2918 to track
it in GitLab.

-- 
Evan Hunt -- each at isc.org
Internet Systems Consortium, Inc.
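
The two semantics contrasted in the reply above (refuse to load the zone versus load it and cap the TTLs), as an added example that is not part of the original post and not BIND's code. It is a simplified model for auditing zone data against a limit; the function names and the sample zone are constructed, and only records with an explicit TTL in "owner TTL IN type rdata" form are handled.

```python
import re

_UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

def parse_ttl(text):
    """Convert a BIND-style TTL ('3600', '1d', '1h30m') to seconds."""
    if text.isdigit():
        return int(text)
    parts = re.findall(r"(\d+)([smhdw])", text.lower())
    if not parts or "".join(n + u for n, u in parts) != text.lower():
        raise ValueError(f"bad TTL: {text!r}")
    return sum(int(n) * _UNITS[u] for n, u in parts)

def parse_records(zone_text):
    """Parse 'owner TTL IN type rdata' lines; ';' starts a comment
    (quoted ';' inside rdata is not handled in this simplified model)."""
    records = []
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].strip()
        if not line:
            continue
        owner, ttl, _cls, rtype, rdata = line.split(None, 4)
        records.append((owner, parse_ttl(ttl), rtype, rdata))
    return records

def over_limit(records, max_zone_ttl):
    """Records whose TTL exceeds the limit: what an operator needs to fix."""
    return [r for r in records if r[1] > max_zone_ttl]

def load_reject(records, max_zone_ttl):
    """Zone-option semantics described in the reply: refuse the whole zone."""
    bad = over_limit(records, max_zone_ttl)
    if bad:
        raise ValueError(f"{len(bad)} record(s) exceed max-zone-ttl {max_zone_ttl}")
    return records

def load_cap(records, max_zone_ttl):
    """Semantics the quoted documentation describes: load, but cap TTLs."""
    return [(o, min(t, max_zone_ttl), ty, rd) for o, t, ty, rd in records]

# Constructed sample zone data (not from the thread).
SAMPLE = """\
example.test.      1d    IN NS  ns1.example.test.
www.example.test.  1h30m IN A   192.0.2.10
old.example.test.  2w    IN TXT "long-lived record"
"""
MAX_ZONE_TTL = parse_ttl("1d")
```

Running `over_limit(parse_records(SAMPLE), MAX_ZONE_TTL)` lists the records that would make the zone fail under the reject semantics, or be silently shortened under the cap semantics.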

