[Yeti DNS Discuss] The coming KSK rollover experiment in Yeti testbed

Davey Song(宋林健) ljsong at biigroup.cn
Thu Mar 2 03:40:37 UTC 2017

Hi colleagues,


A newly generated KSK will be published into the Yeti root zone for
experiment today. Volunteer resolvers are welcome to join this test. There
are some notes for your information:


1)       Two actions: 

a)         A new key(59302 ) will be published today at the serial

b)         The document and KSK.pub file on the Github repo and yeti website
will be update to contain two keys 10 days later(2017-03-12), leaving 10
days to welcome new resolver to join this experiment.  


2)       About the timeline:

Slot 1: 2017-02-20 to 2017-03-01   change the RRSIG validity period

Slot 2: 2017-03-02 to 2017-03-11   publish the new KSK

Slot 3: 2017-03-12 to 2017-03-23   publish the new KSK

Slot 4: 2017-03-24 to 2017-04-03   publish the new KSK

Slot 5: 2017-04-03 to 2017-04-13   publish the new KSK

Slot 6: 2017-04-14 to 2017-04-23   sign with the new KSK

Slot 7: 2017-04-24 to 2017-05-03   sign with the new KSK

Slot 8: 2017-05-04 to 2017-05-13   revoke the old KSK

Slot 9: 2017-05-14 to 2017-05-23   no longer publish the old KSK


3)       For BIND users: 


In the last KSK rollover experiment, we found multiple views of BIND may
cause problem during the rollover period. Recently ISC published a post to
explain it and ask BIND users to aware the change during the KSK rollover.




4)       For new resolver 

If you would like to join the experiment, please follow the instructions in
http://yeti-dns.org/join.html  and set it up before 2017-03-12, because the
page will be changed containing the two keys for new comer to start with.



Please let us know, if you found something weird during the experiment. 


Best regards,


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.yeti-dns.org/pipermail/discuss/attachments/20170302/3965cfc4/attachment.html>

More information about the discuss mailing list