[Yeti DNS Discuss] Multiple ZSK experiment (MZSK) launching today

Shane Kerr shane at biigroup.cn
Wed Feb 17 09:37:58 UTC 2016


We are finally starting our first formal Yeti experiment!

You don't have to do anything, but please do report any problems that
you see to this discuss list.

The latest document on the experiment (which should get merged into the
main repository shortly):


Today we are going to start adding additional ZSK to the Yeti root
zone. Our goal is to get 6 ZSK into the Yeti root zone. This will let
us know how the DNS works if we were to have one ZSK for each DM
operator and they were all rolling the ZSK at the same time.

We are currently in a regular ZSK roll. I didn't account for this
(oops), but it shouldn't be a problem. We will be adding four ZSK, one
per serial number change, until we have 6 total. After the current key
rolls out we'll add another back in to return to 6 for the remainder of
this initial phase of the experiment. The timeline looks like this:

2016021700 -> zsk1
2016021701 -> zsk2
2016021800 -> zsk3
2016021801 -> zsk4

zsk5 will be added when current the ZSK (11844) is deleted, next
Wednesday, with serial 2016022401.

We have monitoring in place both with scripts to check that DNSSEC
validation continues to work, as well as RIPE Atlas measurements to
observe any impact as our packet size grows.



More information about the discuss mailing list