[ksk-rollover] (Un)planning future KSK replacements

Michael Richardson mcr+ietf at sandelman.ca
Thu Mar 28 15:46:58 UTC 2019

Pieter Lexis <pieter.lexis at powerdns.com> wrote:
    > On 3/28/19 11:01 AM, Michael StJohns wrote:
    >> I mostly agree with this, and would totally agree if we were
    >> completely 5011 based, but that's not the case.  I think there needs
    >> to be an "interested parties" announcement even if this isn't
    >> announced widely.  E.g. ISPs that do manual configuration on
    >> roll-their-own DNS resolvers etc.

    > Correct. PowerDNS Recursor also does not do (and probably will never
    > do) 5011. We ship the KSK TAs in the binary but are attempting to make
    > the OS vendors (Debian, RedHat etc.) "responsible" for providing this
    > data as they already do for the root server hints.

So, one could have an rfc5011d that ran in parallel (or from cron) that
updated the hints, and life would be okay for you?

Michael Richardson <mcr+IETF at sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-