[Yeti DNS Discuss] Proposed Next Yeti Experiment: Big ZSK (BGZSK)
paul at redbarn.org
Tue Apr 26 03:12:30 UTC 2016
Shane Kerr wrote:
> For the next Yeti experiment we should expand the ZSK size from 1024 to
> 2048 bits. This was already planned at a lower priority, but VeriSign
> announced at the DNS OARC meeting that they are going to do this in
> 2016. It seems useful for us to do it first.

although, i'd like to automate the three key rolls we're doing now. at
the moment, TISF's zsk generation is manual. if we're going to keep to
the MZSK model (and i think we ought to), we have to automate before we
can move on.

> I wrote up a proposal here:
> I think it's an easy experiment. Please let me know what you think! :)

all we've proved so far is that AXFR and IXFR can be made to work, and
even with that, we've learned that MZSK breaks IXFR by default -- that
finding should be documented both for network science posterity and as a
yeti operational guideline.

we need queries. lots of queries. thousands per minute. i've asked bert
hubert if his 'dnsdist' tool could be used to tee off queries for yeti
that were originally sent to a production name server. he seems willing
to help; more later on that.

but with those two matters aside, i agree that using larger zsk sizes is
a useful purpose for the yeti testbed.