• Dear Pleskians! The Plesk Forum will be undergoing scheduled maintenance on Monday, 7th of July, at 9:00 AM UTC. The expected maintenance window is 2 hours.
    Thank you in advance for your patience and understanding on the matter.

Question DNSSEC - The TTL of the RRset exceeds the value of the Original TTL field of the RRSIG RR covering it

psxeu

Basic Pleskian
Server operating system version
Almalinux 9
Plesk version and microupdate number
Plesk Obsidian 18.0.67
Hi

I am setting DNSSEC up and are using a couple of online services to validate if everything is okay. One of the services are DNSViz | A DNS visualization tool - When I do it for a domain I get some errors:

RRSIG NSEC proving non-existence of MyDomain.tld/CDNSKEY alg 14, id 47160: The TTL of the RRset (10800) exceeds the value of the Original TTL field of the RRSIG RR covering it (7200). See RFC 4035, Sec. 2.2.

I can fix it by setting the Zone defaults TTL to 3 hours - but it seems more like a hack. Should the system not align the TTL for the RRset with the Zone defaults TTL?
 
I am not able to replicate this issue but then again I'm using Debian 12 instead of AlmaLinux. I'm wondering if this is something the registrar is doing?
 
Back
Top