9 Pro
2025
9 Pro
'25
13:38
On 09/12/2025 12:59, Einar Bjarni Halldórsson via knot-dns-users wrote:
Hi Einar,
One thing I’m not sure about is exactly what happens
when we run `knotc zone-ksk-submitted`?
If you use this command, Knot DNS assumes that you know what you are
doing, and are aware of the TTLs, etc.
Should I wait before running zone-ksk-submitted, or is
there a config option I’m missing to tell knot
the ds ttl?
You can configure a "submission" section in knot.conf, and provide
trusted resolvers there. Then Knot DNS will watch for DS record updates
at the parent, and consider the TTL before starting the DNSKEY retire
process.
Regards,
Anand Buddhdev