[ksk-rollover] Description of my analysis of the too-many-KSK queries problem
Roy Arends
roy at dnss.ec
Thu Apr 4 16:54:37 UTC 2019
Hi Evan, can you elaborate on the looping bug? For example, what combination of configuration statements would cause this, and why was a revoked key special in this case.
Thanks
Roy
> On 4 Apr 2019, at 12:50, Evan Hunt <each at isc.org> wrote:
>
> On Thu, Apr 04, 2019 at 09:23:17AM -0700, Wes Hardaker wrote:
>>> Once the revoked key is removed, it stops.
>>
>> Removed from where? the root zone? the cache? The managed keys file?
>
> Root zone. As far as I can tell it never reaches the cache at all.
>
>> Reminder: I was in an airport and working quickly right before the
>> flight and right before the 22nd, when the revoked key would be
>> removed. I'm not *positive* there was a correlation between requests
>> and outgoing DNSKEY queries since this is from memory and because I was
>> working quickly I may not have hit the right conclusion. Wish I had
>> saved pcaps...
>
> Perhaps, but you described a number of behaviors that were significantly
> different, including intermittency, burstiness, and the fact that the
> release you were testing should've had the fix for the looping problem...
> so there may well be two different bugs. After I'm done with jetlag
> recovery I'm planning to build a test environment and keep looking.
>
> --
> Evan Hunt -- each at isc.org
> Internet Systems Consortium, Inc.
> _______________________________________________
> ksk-rollover mailing list
> ksk-rollover at icann.org
> https://mm.icann.org/mailman/listinfo/ksk-rollover
More information about the ksk-rollover
mailing list