From aeb3bc5df4984ea56a35b572077f56563803ccd9 Mon Sep 17 00:00:00 2001 From: "wytze@deboca.net" Date: Tue, 17 Apr 2012 07:10:49 +0000 Subject: [PATCH] Reduce SOA expiration timer from 1 week to 2 days, in order to comply with a recommendation made in RFC 4641bis: the SOA expiration timer should be between 1/4th and 1/3rd of the size of the signature validity period (1 week at CAcert). git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2370 14b1bab8-4ef6-0310-b690-991c95c89dfd --- cacert.com | 6 +++--- cacert.com.log | 10 ++++++++-- cacert.net | 6 +++--- cacert.net.log | 10 ++++++++-- cacert.org | 6 +++--- cacert.org.log | 10 ++++++++-- 6 files changed, 33 insertions(+), 15 deletions(-) diff --git a/cacert.com b/cacert.com index a06e82e..3fe3b43 100644 --- a/cacert.com +++ b/cacert.com @@ -1,13 +1,13 @@ ; DNS master zone file for cacert.com, under RCS control -; @(#)(CAcert) $Id: cacert.com,v 1.14 2011/07/14 15:30:42 root Exp $ +; @(#)(CAcert) $Id: cacert.com,v 1.15 2012/04/17 07:07:02 root Exp $ $TTL 12h ; default TTL for zone data @ IN SOA ns1.cacert.com. hostmaster.cacert.com. ( - 2011071401 ; Serial + 2012041701 ; Serial 4h ; refresh time 1h ; retry interval - 1w ; expire time + 2d ; expire time 12h ) ; negative caching TTL @ IN NS ns1.cacert.com. diff --git a/cacert.com.log b/cacert.com.log index 6f18700..e04cf36 100644 --- a/cacert.com.log +++ b/cacert.com.log @@ -1,16 +1,22 @@ RCS file: /var/opendnssec/unsigned/RCS/cacert.com,v Working file: /var/opendnssec/unsigned/cacert.com -head: 1.14 +head: 1.15 branch: locks: strict access list: symbolic names: keyword substitution: kv -total revisions: 14; selected revisions: 14 +total revisions: 15; selected revisions: 15 description: cacert.com - zone file for cacert.com ---------------------------- +revision 1.15 +date: 2012/04/17 07:07:02; author: root; state: Exp; lines: +3 -3 +Reduce SOA expiration timer from 1 week to 2 days, in order to comply with +a recommendation made in RFC 4641bis: the SOA expiration timer should be +between 1/4th and 1/3ed of the size of the signature validity period (1 week). +---------------------------- revision 1.14 date: 2011/07/14 15:30:42; author: root; state: Exp; lines: +3 -2 Add IPv6 address for ns3 (per e-mail from Mark Overmeer on July 7, 2011). diff --git a/cacert.net b/cacert.net index 4a3343a..cad5df3 100644 --- a/cacert.net +++ b/cacert.net @@ -1,13 +1,13 @@ ; DNS master zone file for cacert.net, under RCS control -; @(#)(CAcert) $Id: cacert.net,v 1.15 2011/07/14 15:30:42 root Exp $ +; @(#)(CAcert) $Id: cacert.net,v 1.16 2012/04/17 07:07:02 root Exp $ $TTL 12h ; default TTL for zone data @ IN SOA ns1.cacert.net. hostmaster.cacert.net. ( - 2011071401 ; Serial + 2012041701 ; Serial 4h ; refresh time 1h ; retry interval - 1w ; expire time + 2d ; expire time 12h ) ; negative caching TTL @ IN NS ns1.cacert.net. diff --git a/cacert.net.log b/cacert.net.log index 8ccc15d..a20cba3 100644 --- a/cacert.net.log +++ b/cacert.net.log @@ -1,16 +1,22 @@ RCS file: /var/opendnssec/unsigned/RCS/cacert.net,v Working file: /var/opendnssec/unsigned/cacert.net -head: 1.15 +head: 1.16 branch: locks: strict access list: symbolic names: keyword substitution: kv -total revisions: 15; selected revisions: 15 +total revisions: 16; selected revisions: 16 description: cacert.net - DNS master zone file for cacert.net, under RCS control ---------------------------- +revision 1.16 +date: 2012/04/17 07:07:02; author: root; state: Exp; lines: +3 -3 +Reduce SOA expiration timer from 1 week to 2 days, in order to comply with +a recommendation made in RFC 4641bis: the SOA expiration timer should be +between 1/4th and 1/3ed of the size of the signature validity period (1 week). +---------------------------- revision 1.15 date: 2011/07/14 15:30:42; author: root; state: Exp; lines: +3 -2 Add IPv6 address for ns3 (per e-mail from Mark Overmeer on July 7, 2011). diff --git a/cacert.org b/cacert.org index 5c52601..f58e84c 100644 --- a/cacert.org +++ b/cacert.org @@ -1,13 +1,13 @@ ; DNS master zone file for cacert.org, under RCS control -; @(#)(CAcert) $Id: cacert.org,v 1.51 2012/04/04 15:45:59 root Exp $ +; @(#)(CAcert) $Id: cacert.org,v 1.52 2012/04/17 07:07:02 root Exp $ $TTL 12h ; default TTL for zone data @ IN SOA ns1.cacert.org. hostmaster.cacert.org. ( - 2012040401 ; Serial + 2012041701 ; Serial 4h ; refresh time 1h ; retry interval - 1w ; expire time + 2d ; expire time 12h ) ; negative caching TTL @ IN NS ns1.cacert.org. diff --git a/cacert.org.log b/cacert.org.log index ccad354..5f6f433 100644 --- a/cacert.org.log +++ b/cacert.org.log @@ -1,16 +1,22 @@ RCS file: /var/opendnssec/unsigned/RCS/cacert.org,v Working file: /var/opendnssec/unsigned/cacert.org -head: 1.51 +head: 1.52 branch: locks: strict access list: symbolic names: keyword substitution: kv -total revisions: 51; selected revisions: 51 +total revisions: 52; selected revisions: 52 description: cacert.org - zone file for cacert.org ---------------------------- +revision 1.52 +date: 2012/04/17 07:07:02; author: root; state: Exp; lines: +3 -3 +Reduce SOA expiration timer from 1 week to 2 days, in order to comply with +a recommendation made in RFC 4641bis: the SOA expiration timer should be +between 1/4th and 1/3ed of the size of the signature validity period (1 week). +---------------------------- revision 1.51 date: 2012/04/04 15:45:59; author: root; state: Exp; lines: +2 -4 Drop CNAME records for stamp and timestamp, since this service hasn't been