[ksk-rollover] (Un)planning future KSK replacements

Pieter Lexis pieter.lexis at powerdns.com
Fri Mar 29 10:35:54 UTC 2019


Hi Michael,

On 3/28/19 4:46 PM, Michael Richardson wrote:
> So, one could have an rfc5011d that ran in parallel (or from cron) that
> updated the hints, and life would be okay for you?

Yes, however all of this is an operator choice. Many operators are not
DNS-savvy enough to understand all ramifications but *do* understand
that OS upgrades are important. This would make operating a validating
resolver a bit more hands-off.

Cheers,

Pieter

-- 
Pieter Lexis
PowerDNS.COM BV -- https://www.powerdns.com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://mm.icann.org/pipermail/ksk-rollover/attachments/20190329/4351586e/signature.asc>


More information about the ksk-rollover mailing list