DLV validation fails after ksk rollover
R Dicaire
kritek at gmail.com
Wed Jun 24 02:48:35 UTC 2009
On Tue, Jun 23, 2009 at 10:10 PM, Mark Andrews<marka at isc.org> wrote:
> Yes the updates are slow because we had some disasters with the
> automation but we intend to turn that on again soon. That being
> said you really do need to check that the new data has been published
> before you start the wait periods. That is part of the key rollover
> protocol.
I understand, I compounded validation problems by immediately removing
the old keys, and not knowing
about issues with the DLV NS servers.
> Note you are not alone here. Others have done the same sort of
> thing before even those that should have known better.
No doubt I'm not. I'm still trying to get a handle on zsk and ksk
rollovers, and implement them as a regular operational procedure so
that I don't forget how, and to understand how errors in my doing so
can negatively impact my systems.
Thanks Mark!
--
aRDy Music and Rick Dicaire present:
http://www.ardynet.com
http://www.ardynet.com:9000/ardymusic.ogg.m3u
More information about the bind-users
mailing list