[dns-operations] (Unvalidatable)ZSK rollover on the root zone has started
Chris Thompson
cet1 at cam.ac.uk
Mon Mar 22 11:58:28 UTC 2010
I see that the DURZ servers ([ailm].root-servers.net) are now giving two
ZSKs for the root zone, the one with key id 23763 used for signing and
the new one with key id 55138 being "pre-published". I take it this starts
the 10-day period with actual rollover due on 2010-04-01.
Which reminds me of a question that's been worrying me: if lots of zone
administrators decide to roll their ZSKs every 3 months (say), are they
*all* going to choose to do so on the natural quarter boundaries? Would
it not be a good idea to encourage them to choose a random offset? (It's
the "everyone chooses to run hourly crontabs *on* the hour" effect, writ
large.)
--
Chris Thompson University of Cambridge Computing Service,
Email: cet1 at ucs.cam.ac.uk New Museums Site, Cambridge CB2 3QH,
Phone: +44 1223 334715 United Kingdom.
More information about the dns-operations
mailing list