[Yeti DNS Discuss] Proposed Next Yeti Experiment: Big ZSK (BGZSK)

Paul Vixie paul at redbarn.org
Tue Apr 26 03:12:30 UTC 2016

Shane Kerr wrote:
> Hello,
> For the next Yeti experiment we should expand the ZSK size from 1024 to
> 2048 bits. This was already planned at a lower priority, but VeriSign
> announced at the DNS OARC meeting that they are going to do this in
> 2016. It seems useful for us to do it first.

i agree.

although, i'd like to automate the three key rolls we're doing now. at 
the moment, TISF's zsk generation is manual. if we're going to keep to 
the MZSK model (and i think we ought to), we have to automate before we 
can move on.

> I wrote up a proposal here:
> https://github.com/shane-kerr/Yeti-Project/blob/experiment-bgzsk/doc/Experiment-BGZSK.md
> I think it's an easy experiment. Please let me know what you think! :)

all we've proved so far is that AXFR and IXFR can be made to work, and 
even with that, we've learned that MZSK breaks IXFR by default -- that 
finding should be documented both for network science posterity and as a 
yeti operational guideline.

we need queries. lots of queries. thousands per minute. i've asked bert 
hubert if his 'dnsdist' tool could be used to tee off queries for yeti 
that were originally sent to a production name server. he seems willing 
to help; more later on that.

but with those two matters aside, i agree that using larger zsk sizes is 
a useful purpose for the yeti testbed.

P Vixie

More information about the discuss mailing list