[Unbound-users] Expired RRSIGs, yet still "AD" flag set

Patrik Wallström pawal at blipp.com
Wed Mar 30 13:48:47 UTC 2011


On Mar 30, 2011, at 3:30 PM, Paul Wouters wrote:

> On Wed, 30 Mar 2011, W.C.A. Wijngaards wrote:
> 
>>> I read that as: if the record is authenticated, put it in the cache and
>>> use it until the TTL has expired.
>> 
>> Actually unbound caps the TTL so it does not extend beyond the
>> expiration time.
> 
> Interesting. Isn't that dangerous? It could cause peak loads if all
> resolvers worldwide throw away the record at the exact same time...

Only if you have expiration times that are shorter than TTL, right? Is that common?
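
Added example (not part of the original message, and not Unbound's code): a sketch of the TTL cap described in the thread, with a check for the case asked about, where a signature's remaining validity is shorter than the RRset TTL. The RRSIG lines are constructed sample data and the function names are hypothetical.

```python
import calendar
import time

# Constructed sample RRSIGs in presentation format (RFC 4034, section 3.2):
# owner TTL class RRSIG covered alg labels orig-TTL expiration inception tag signer sig
SAMPLE_RRSIGS = """\
example.org. 86400 IN RRSIG A 8 2 86400 20110331000000 20110301000000 12345 example.org. c2ln
www.example.org. 3600 IN RRSIG A 8 3 3600 20110415000000 20110316000000 12345 example.org. c2ln
old.example.org. 3600 IN RRSIG A 8 3 3600 20110329000000 20110227000000 12345 example.org. c2ln
"""

def parse_sig_time(text):
    """Convert an RRSIG YYYYMMDDHHmmSS timestamp (UTC) to epoch seconds."""
    return calendar.timegm(time.strptime(text, "%Y%m%d%H%M%S"))

def capped_ttl(ttl, expiration, now):
    """TTL a validating cache may use: never past the signature expiration.
    Simplification: plain integers, no RFC 1982 serial wraparound or clock skew."""
    return max(0, min(ttl, expiration - now))

def audit(rrsig_text, now):
    """Return (owner, ttl, capped ttl, status) for each RRSIG line."""
    rows = []
    for line in rrsig_text.splitlines():
        f = line.split()
        if len(f) < 13 or f[3] != "RRSIG":
            continue  # not a complete RRSIG record
        owner, ttl, expiration = f[0], int(f[1]), parse_sig_time(f[8])
        eff = capped_ttl(ttl, expiration, now)
        if expiration <= now:
            status = "expired"     # must not be served as validated
        elif eff < ttl:
            status = "capped"      # expiration is closer than the TTL
        else:
            status = "full-ttl"    # the cap has no effect
        rows.append((owner, ttl, eff, status))
    return rows

if __name__ == "__main__":
    now = parse_sig_time("20110330134847")  # timestamp of the message above
    for row in audit(SAMPLE_RRSIGS, now):
        print(row)
```

Only records reported as "capped" leave caches at the signature expiration instead of at a time that depends on when each resolver fetched them.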




