[dns-operations] .ie Algorithm rollover nit?
Viktor Dukhovni
ietf-dane at dukhovni.org
Sun Nov 29 22:29:17 UTC 2020
On Sun, Nov 29, 2020 at 05:19:14PM -0500, Olafur Gudmundsson wrote:
> As this is going to be an Async operation this is the ONLY right order of execution.
Note, that at the time I observed the issue, the order was wrong:
https://dnsviz.net/d/ie/X8GL6A/dnssec/
Algorithm 8 *was* present in the DS RRset, and was absent from the
DNSKEY RRset.
> As presence of an algorithm in DS set is a “contract” that the zone is
> signed by that algorithm, now that 8 has been removed from the DS set
> it can next be removed from the DNSKEY set and then the RRSIG’s can be
> deleted.
This got remediated some time later, and now the order is correct.
--
Viktor.
More information about the dns-operations
mailing list