[ksk-rollover] KSK2017 Rollover was a success

Ólafur Guðmundsson olafur at cloudflare.com
Thu Mar 28 11:23:20 UTC 2019


Repeat from what I said at the microphone today

Main lesson from this roll is it worked better than we could have
expected, given this was the first time.
We expect that software/configuration has bugs/errors and this exposed some.
There might have been some configurations that did not anticipate change in
the key used ==> nothing besides rolling the KSK could have exposed that.

There were some outages, there may have been some sites that turned off
DNSSEC, and we need to get some measurements of what that long-term effect
was, i.e. did the validation get turned back on.

The traffic increase reported was interesting but the big picture is it was
in the NOISE range, i.e. all root servers should be able to deal with such
a small increase.

I have no opinion at this point when next to roll or how fast to perform
that roll.

Ólafur