[Yeti DNS Discuss] 答复: Multiple ZSK experiment (MZSK) launching today

Davey Song(宋林健) ljsong at biigroup.cn
Wed Feb 17 10:04:31 UTC 2016


发件人: discuss [mailto:discuss-bounces at lists.yeti-dns.org] 代表 Shane Kerr
发送时间: 2016年2月17日 17:38
收件人: discuss at lists.yeti-dns.org
主题: [Yeti DNS Discuss] Multiple ZSK experiment (MZSK) launching today


We are finally starting our first formal Yeti experiment!

You don't have to do anything, but please do report any problems that you
see to this discuss list.

The latest document on the experiment (which should get merged into the main
repository shortly):


Today we are going to start adding additional ZSK to the Yeti root zone. Our
goal is to get 6 ZSK into the Yeti root zone. This will let us know how the
DNS works if we were to have one ZSK for each DM operator and they were all
rolling the ZSK at the same time.

We are currently in a regular ZSK roll. I didn't account for this (oops),
but it shouldn't be a problem. We will be adding four ZSK, one per serial
number change, until we have 6 total. After the current key rolls out we'll
add another back in to return to 6 for the remainder of this initial phase
of the experiment. The timeline looks like this:

2016021700 -> zsk1
2016021701 -> zsk2
2016021800 -> zsk3
2016021801 -> zsk4

zsk5 will be added when current the ZSK (11844) is deleted, next Wednesday,
with serial 2016022401.

We have monitoring in place both with scripts to check that DNSSEC
validation continues to work, as well as RIPE Atlas measurements to observe
any impact as our packet size grows.



discuss mailing list
discuss at lists.yeti-dns.org

More information about the discuss mailing list