[ksk-rollover] Description of my analysis of the too-many-KSK queries problem
Wes Hardaker
wjhns1 at hardakers.net
Thu Apr 4 16:23:17 UTC 2019
Evan Hunt <each at isc.org> writes:
Can you elaborate on this:
> Once the revoked key is removed, it stops.
Removed from where? the root zone? the cache? The managed keys file?
> Based on sheer volume, I would guess this was a bigger contributor to the
> observed increase in DNSKEY traffic than the bug you discovered, though
> yours is odd, and definitely warrants further investigation.
Reminder: I was in an airport and working quickly right before the
flight and right before the 22nd, when the revoked key would be
removed. I'm not *positive* there was a correlation between requests
and outgoing DNSKEY queries since this is from memory and because I was
working quickly I may not have hit the right conclusion. Wish I had
saved pcaps...
--
Wes Hardaker
USC/ISI
More information about the ksk-rollover
mailing list