Where does NSEC3PARAM record inherit TTL?

OS type and version CentOS 6.9
Webmin version 1.99
Virtualmin version 6.17
Related packages SUGGESTED

Just signed a zone w/ “set up DNSSEC key” and it’s getting an error on dnsviz.net for the NSEC3PARAM record having a TTL of 0, just curious where it’s inheriting the TTL of 0?

“* RRSIG (redact).com/NSEC3PARAM alg 8, id 43416: The TTL of the RRset (3600) exceeds the value of the Original TTL field of the RRSIG RR covering it (0).”

The zone file explicity sets it to 0;
(redact).com. 0 IN NSEC3PARAM 1 0 10 -
(redact).com. 0 IN RRSIG NSEC3PARAM 8 2 0 (sig)


This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.