[Unbound-users] Expired RRSIGs, yet still "AD" flag set

Paul Wouters paul at xelerance.com
Wed Mar 30 13:30:53 UTC 2011


On Wed, 30 Mar 2011, W.C.A. Wijngaards wrote:

>> I read that as: if the record is authenticated, put it in the cache and
>> use it until the TTL has expired.
>
> Actually unbound caps the TTL so it does not extend beyond the
> expiration time.

Interesting. Isn't that dangerous? It could cause peak loads if all
resolvers worldwide throw away the record at the exact same time...

Paul


