[dns-operations] Call for volunteer resolver FW: [Yeti DNS Discuss] The coming KSK rollover experiment in Yeti testbed

Davey Song(宋林健) ljsong at biigroup.cn
Thu Mar 2 04:50:05 UTC 2017 

Hi folks, 

 

For your information, we are going to test the ksk rollover in Yeti testbed
before ICANN’s rollover. Call for volunteer resolver to test it. Thank you
for your attention.

 

http://yeti-dns.org/yeti/blog/2017/03/02/some-notes-for-coming-ksk-rollover-
experiment.html 

 

Best regards,

Davey

 

发件人: discuss [mailto:discuss-bounces at lists.yeti-dns.org] 代表 Davey
Song(宋林健)
发送时间: 2017年3月2日 11:41
收件人: discuss at lists.yeti-dns.org
主题: [Yeti DNS Discuss] The coming KSK rollover experiment in Yeti testbed

 

Hi colleagues,

 

A newly generated KSK will be published into the Yeti root zone for
experiment today. Volunteer resolvers are welcome to join this test. There
are some notes for your information:

 

1)       Two actions: 

a)         A new key(59302 ) will be published today at the serial
2017030200

b)         The document and KSK.pub file on the Github repo and yeti website
will be update to contain two keys 10 days later(2017-03-12), leaving 10
days to welcome new resolver to join this experiment.  

 

2)       About the timeline:

Slot 1: 2017-02-20 to 2017-03-01   change the RRSIG validity period

Slot 2: 2017-03-02 to 2017-03-11   publish the new KSK

Slot 3: 2017-03-12 to 2017-03-23   publish the new KSK

Slot 4: 2017-03-24 to 2017-04-03   publish the new KSK

Slot 5: 2017-04-03 to 2017-04-13   publish the new KSK

Slot 6: 2017-04-14 to 2017-04-23   sign with the new KSK

Slot 7: 2017-04-24 to 2017-05-03   sign with the new KSK

Slot 8: 2017-05-04 to 2017-05-13   revoke the old KSK

Slot 9: 2017-05-14 to 2017-05-23   no longer publish the old KSK

 

3)       For BIND users: 

 

In the last KSK rollover experiment, we found multiple views of BIND may
cause problem during the rollover period. Recently ISC published a post to
explain it and ask BIND users to aware the change during the KSK rollover.

 

https://www.isc.org/blogs/2017-root-key-rollover-what-does-it-mean-for-bind-
users/  

 

4)       For new resolver 

If you would like to join the experiment, please follow the instructions in
http://yeti-dns.org/join.html  and set it up before 2017-03-12, because the
page will be changed containing the two keys for new comer to start with.

 

 

Please let us know, if you found something weird during the experiment. 

 

Best regards,

Davey

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20170302/89f0e395/attachment.html>
-------------- next part --------------
_______________________________________________
discuss mailing list
discuss at lists.yeti-dns.org
http://lists.yeti-dns.org/mailman/listinfo/discuss

More information about the dns-operations mailing list