[Yeti DNS Discuss] Notes from the Yeti Coordinator F2F meeting
Jaap Akkerhuis
jaap at NLnetLabs.nl
Thu Sep 17 13:41:48 UTC 2015
Stephane Bortzmeyer writes:
> On Thu, Sep 17, 2015 at 12:44:59PM +0800,
> Shane Kerr <shane at biigroup.cn> wrote
> a message of 94 lines which said:
>
> > * We should document RFC 5011 hold-down timer breaking Unbound (but
> > not BIND 9) as a finding
>
> IMHO, it is the opposite: BIND ignores the mandatory hold-down timer
> (and thus works) while Unbound does the right thing (and breaks when
> the timer was not respected, as in the Yeti root key rollover).

To help people breaking the 5011 protocol, unbound now has an option to do so:

    # instruct the auto-trust-anchor-file probing to add anchors after ttl.
    # add-holddown: 2592000 # 30 days
    # instruct the auto-trust-anchor-file probing to del anchors after ttl.
    # del-holddown: 2592000 # 30 days

Not released yet I think, but in the repository

jaap
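
Added example, not part of the original message and not Unbound's or BIND's code: a simplified Python model of the RFC 5011 add hold-down discussed in this thread, showing how a resolver that enforces a 30-day `add-holddown` loses validation when the old key disappears early, while one with the timer set to 0 keeps working. The class and function names, the key labels `old`/`new` and both timelines are constructed for illustration and are not the actual Yeti rollover dates.

```python
DAY = 86400

class Rfc5011Resolver:
    """Simplified RFC 5011 add path: Start -> AddPend -> Valid (hypothetical model)."""

    def __init__(self, anchors, add_holddown=30 * DAY):
        self.valid = set(anchors)      # key labels currently trusted
        self.pending = {}              # key label -> time first seen (AddPend)
        self.add_holddown = add_holddown

    def observe(self, now, dnskeys, signers):
        """Process one DNSKEY RRset; return True if it validated."""
        # The RRset only counts if a currently trusted key signed it.
        if not (self.valid & set(signers)):
            return False
        # A pending key missing from a validated RRset goes back to Start.
        for tag in list(self.pending):
            if tag not in dnskeys:
                del self.pending[tag]
        for tag in dnskeys:
            if tag in self.valid:
                continue
            first_seen = self.pending.setdefault(tag, now)
            # Promote only once the key has been seen for the whole hold-down.
            if now - first_seen >= self.add_holddown:
                del self.pending[tag]
                self.valid.add(tag)
        return True

def replay(timeline, add_holddown):
    """Return the per-observation validation results for a timeline."""
    r = Rfc5011Resolver({"old"}, add_holddown)
    return [r.observe(day * DAY, keys, signers) for day, keys, signers in timeline]

# Constructed timelines: (day, keys in the DNSKEY RRset, keys that signed it).
# RUSHED drops the old key 9 days after publishing the new one.
RUSHED = [(0, {"old"}, {"old"}), (1, {"old", "new"}, {"old"}),
          (10, {"new"}, {"new"}), (40, {"new"}, {"new"})]
# PATIENT keeps the old key signing until the hold-down has elapsed.
PATIENT = [(0, {"old"}, {"old"}), (1, {"old", "new"}, {"old"}),
           (20, {"old", "new"}, {"old"}), (35, {"old", "new"}, {"old"}),
           (40, {"new"}, {"new"})]

if __name__ == "__main__":
    for name, tl in (("rushed", RUSHED), ("patient", PATIENT)):
        for hd in (30 * DAY, 0):
            print(name, "add-holddown", hd, replay(tl, hd))
```

In the rushed timeline the enforcing resolver never promotes the new key, so every later DNSKEY RRset fails validation until the trust anchor is replaced by hand.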