[Yeti DNS Discuss] First KSK rollover in Yeti Testbed

宋林健 ljsong at biigroup.cn
Wed Jul 1 08:14:28 UTC 2015

I think so.  it is a big challenge on resolve side, I think. From server side, the only concern is the larger response packets can fit in IPv6 network.

------------------ Original ------------------
From:  "Stephane Bortzmeyer"<bortzmeyer at nic.fr>;
Date:  Wed, Jul 1, 2015 03:41 PM
To:  "ljsong"<ljsong at biigroup.cn>; 
Cc:  "discuss"<discuss at lists.yeti-dns.org>; 
Subject:  Re: [Yeti DNS Discuss] First KSK rollover in Yeti Testbed

On Tue, Jun 30, 2015 at 06:14:54PM +0800,
 Davey Song <ljsong at biigroup.cn> wrote 
 a message of 147 lines which said:

> NOTE THAT: the Yeti KSK is going to rollover 2.5 hours later. The
> yeti KSK (RSASHA256 2048) rollover every three month.

Correct me if I'm wrong but it means that:

* root name server operators are not concerned
* resolver operators who do not implement RFC 5011 (or who did not
  update the trust anchor by hand) will suffer.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.yeti-dns.org/pipermail/discuss/attachments/20150701/838f66d6/attachment.html>

More information about the discuss mailing list