22 February 2016
DNSSEC has changed the world of the DNS operator in two key respects. First, it has transformed the DNS from a primarily administrative system into a much more complex cryptographic platform (NL) that can be used for a wide variety of new applications (NL). Second, DNSSEC has introduced absolute times to a system that previously used only relative times (TTLs). Furthermore, with DNSSEC, the two timing methods need to interact.
In this article, we consider the timing aspects of DNSSEC by reference to the settings in OpenDNSSEC (NL) (in the file /etc/opendnssec/kasp.xml). OpenDNSSEC is the most widely used DNSSEC solution for BIND named, (NL) which in turn is the most popular DNS server.