[dns-operations] synchronised ZSK rollovers
Jim Reid
jim at rfc1035.com
Mon Mar 22 12:51:46 UTC 2010
On 22 Mar 2010, at 11:58, Chris Thompson wrote:
> Which reminds me of a question that's been worrying me: if lots of zone
> administrators decide to roll their ZSKs every 3 months (say), are they
> *all* going to choose to do so on the natural quarter boundaries? Would
> it not be a good idea to encourage them to choose a random offset?
It depends. I doubt it matters much if TLDs roll over their ZSKs at the
same time. The impact of that will be on validating resolvers, not the
authoritative servers. So it's spread out and the performance impact
on each resolver should be negligible because they'll be unlikely to
resolve and validate names in every TLD that's just introduced a new
ZSK at the same time. There would be an impact on a hosting provider
or registrar who rolls new ZSKs for (say) 50-100K zones at the same
time or thereabouts. But even that can be managed with a little
common sense.
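
The sketch below is an added example, not part of the thread or any poster's code: one way a provider with many zones could apply the "random offset" idea raised above, by deriving a stable per-zone day offset from a hash of the zone name. The function names, the 90-day period, the scheduling epoch and the `customerN.example` zone names are all assumptions made for illustration.

```python
import hashlib
from collections import Counter
from datetime import datetime, timedelta, timezone

ROLL_PERIOD_DAYS = 90  # assumed stand-in for "every 3 months (say)"
EPOCH = datetime(2010, 1, 1, tzinfo=timezone.utc)  # assumed scheduling origin


def zone_offset_days(zone: str, period_days: int = ROLL_PERIOD_DAYS) -> int:
    """Stable pseudo-random offset in [0, period_days) for a zone.

    Hashing the normalised name means the offset survives restarts and
    needs no stored state, yet zones do not cluster on one date.
    """
    name = zone.rstrip(".").lower().encode("utf-8")
    digest = hashlib.sha256(name).digest()
    return int.from_bytes(digest[:8], "big") % period_days


def next_rollover(zone: str, now: datetime, epoch: datetime = EPOCH,
                  period_days: int = ROLL_PERIOD_DAYS) -> datetime:
    """First scheduled ZSK rollover strictly after `now` for this zone."""
    period = timedelta(days=period_days)
    first = epoch + timedelta(days=zone_offset_days(zone, period_days))
    if now < first:
        return first
    cycles_done = (now - first) // period  # whole periods already elapsed
    return first + period * (cycles_done + 1)


def daily_load(zones, period_days: int = ROLL_PERIOD_DAYS) -> Counter:
    """Number of zones whose rollover falls on each day of the period."""
    return Counter(zone_offset_days(z, period_days) for z in zones)


if __name__ == "__main__":
    # Constructed sample: 50,000 hypothetical customer zones.
    zones = [f"customer{i}.example" for i in range(50_000)]
    load = daily_load(zones)
    print("busiest day:", max(load.values()), "zones")
    print("quietest day:", min(load.values()), "zones")
    now = datetime(2010, 3, 22, 12, 51, 46, tzinfo=timezone.utc)
    print("example.com rolls next at", next_rollover("example.com", now))
```

With 50,000 zones and a 90-day period, each day carries roughly 1/90 of the rollovers instead of all of them landing on the quarter boundary.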