Latest news

26-06-14 10:44 DK Hostmaster continues to manage the dk domain names

Following a public consultation, the Minister of Business and Growth has decided to extend DIFOís...

23-06-14 08:35 New site for statistics

Did you know that we have registered more than 1.26 mill dk domain names? DK Hostmaster make...

20-06-14 10:26 DANE implemented at DK Hostmaster

Security update: DK Hostmaster has implemented the security technology DANE on our websites and...

News

New TTL on DNSSEC

09-04-14

DK Hostmaster changes Time-To-Live (TTL) on DNSSEC from 24 hours to 2 hours. This means that your resolver caches the DNSSEC request in a shorter period and if errors occur in the key, it will go faster to access the website again.

One of the registrantís and internet providerís concern for introducing DNSSEC is that you cannot access a website if an error occurs in the DNSSEC signing. Discrepancy between the key in the zone and DS at DK Hostmaster often require swift action. A short TTL for DNSSEC data means that changes in these data will have a faster impact and a website thus will be available again faster.

Changes in the zone
Normally, data changes in the zone are not time critical and most users can wait up to a day before it takes hold. However, there may be circumstances where time-critical situations occur for DNSSEC. It may be that someone got hold of your private key and illegally will sign the zone. It may be that there has been a technical error, which means you no longer have access to the private key. Or it may be that you re-delegate a domain name from a provider with DNSSEC to one without DNSSEC and the validation therefore fails. Here, the 2 hours are more acceptable than the 24.

Test: Two-hour TTL is the best
The Japanese administrators (.jp) have tested various TTLs and the impact of requests on their name servers. Their conclusion was that a TTL of two hours is a good compromise between the increased load on the name servers and the time for a service update. DK Hostmaster also tested the two-hour TTL specifically for DNSSEC data in the dk zone and decided to make it permanent while the rest of the zone continues to run with 24 hours TTL.

DK Hostmaster hope that with changes in TTL, it will be easier to get started with DNSSEC with less consequences if failure occurs.