[Yeti DNS Discuss] Notes from the Yeti Coordinator F2F meeting

Jaap Akkerhuis jaap at NLnetLabs.nl
Thu Sep 17 13:41:48 UTC 2015

 Stephane Bortzmeyer writes:

 > On Thu, Sep 17, 2015 at 12:44:59PM +0800,
 >  Shane Kerr <shane at biigroup.cn> wrote 
 >  a message of 94 lines which said:
 > > * We should document RFC 5011 hold-down timer breaking Unbound (but
 > >   not BIND 9) as a finding
 > IMHO, it is the opposite: BIND ignores the mandatory hold-down timer
 > (and thus works) while Unbound does the right thing (and breaks when
 > the timer was not respected, as in the Yeti root key rollover).

To help people breaking the 5011 protocol, Unbound now has an option to do so:

        # instruct the auto-trust-anchor-file probing to add anchors after ttl.
        # add-holddown: 2592000 # 30 days

        # instruct the auto-trust-anchor-file probing to del anchors after ttl.
        # del-holddown: 2592000 # 30 days

Not released yet I think, but in the repository
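
The following is an added example, not part of the original message and not Unbound or BIND code. It is a simplified model of the RFC 5011 add hold-down that shows why a resolver honouring the 30-day timer loses validation when the old key is withdrawn early, while one that ignores the timer keeps working. Assumptions: the key names, the 5-day probe interval and the timelines are constructed, and key revocation and the TTL component of the hold-down are left out.

```python
# Simplified RFC 5011 add hold-down model (illustrative, constructed data).
ADD_HOLDDOWN_DAYS = 2592000 // 86400  # the add-holddown value above: 30 days


def rollover(switch_day, last_day=40, probe_every=5):
    """Build a constructed probe timeline for a KSK rollover.

    Before switch_day the zone publishes old+new and signs with old;
    from switch_day on it publishes and signs with new only.
    Each entry is (day, published_keys, signing_keys).
    """
    timeline = []
    for day in range(0, last_day + 1, probe_every):
        if day < switch_day:
            timeline.append((day, {"old", "new"}, {"old"}))
        else:
            timeline.append((day, {"new"}, {"new"}))
    return timeline


def simulate(timeline, add_holddown_days, initial_anchor="old"):
    """Return [(day, validated)] for a resolver with the given hold-down."""
    trusted = {initial_anchor}
    pending = {}  # candidate key -> day first seen in a validated RRset
    results = []
    for day, published, signers in timeline:
        # The DNSKEY RRset validates only if a trusted key signed it.
        valid = bool(trusted & signers & published)
        if valid:
            # A candidate that disappears loses its accumulated time.
            for key in [k for k in pending if k not in published]:
                del pending[key]
            for key in published - trusted:
                pending.setdefault(key, day)
            # Promote candidates seen continuously for the hold-down.
            for key, first_seen in list(pending.items()):
                if day - first_seen >= add_holddown_days:
                    trusted.add(key)
                    del pending[key]
        results.append((day, valid))
    return results


def still_validates(timeline, add_holddown_days):
    """True if the resolver validates the final probe of the timeline."""
    return simulate(timeline, add_holddown_days)[-1][1]
```

Calling `still_validates(rollover(10), ADD_HOLDDOWN_DAYS)` models the early switch with a timer-respecting resolver; passing `0` as the hold-down models a validator that ignores the timer.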

