[dns-operations] Request for prior announcement of Root KSK Rollover critical time
Paul Wouters
paul at nohats.ca
Mon Oct 2 20:29:37 UTC 2017
On Mon, 2 Oct 2017, Paul Hoffman wrote:
>> Root zone serial 2017091900, containing 4 DNSKEYs for the first time, has
>> been pushed to all root name servers.
>
> To close the loop on this:
>
> ICANN carefully tracked the likely side-effects of the increase in size of
> the root's DNSKEY RRset to its highest value. We got streams of data from
> most of the root operators for indicators such as query rates for DNSKEY,
> total query rate, TCP query rate, truncation, and ICMP status messages, and
> we saw no indication of significant problems that started with the
> introduction of the new DNSKEY RRset.
Thanks for reporting this. We can now let go of the myth of key sizes
mattering.
Paul
More information about the dns-operations
mailing list