RE: Policy-dnssec timeline step by step

2025-02-25 Thread Nguyen Thi Minh Tam via bind-users
Yes, the ZSK rollover got weird when the DS had not reached the omnipresent state yet. Why is that? -Original Message- From: bind-users On Behalf Of Matthijs Mekking Sent: Friday, February 21, 2025 2:30 PM To: bind-users@lists.isc.org Subject: Re: Policy-dnssec timeline step by step Hi

Re: Policy-dnssec timeline step by step

2025-02-20 Thread Matthijs Mekking
Hi, The timings are based on RFC 7583 and "Flexible and Robust Key Rollover in DNSSEC". They may help a great deal in understanding the time states. https://datatracker.ietf.org/doc/html/rfc7583 https://nlnetlabs.nl/downloads/publications/satin2012-Schaeffer.pdf See below for inline answers.

Re: Policy-dnssec timeline step by step

2025-02-20 Thread Ondřej Surý
Have you read: https://kb.isc.org/docs/dnssec-key-and-signing-policy and https://bind9.readthedocs.io/en/latest/dnssec-guide.html This RFC should give you some background too: https://datatracker.ietf.org/doc/html/rfc6781 Ondrej -- Ondřej Surý (He/Him) ond...@isc.org My working hours and yo

Policy-dnssec timeline step by step

2025-02-20 Thread Nguyen Thi Minh Tam via bind-users
Hi, I'm trying out DNSSEC policy for the first time, and I am so confused about the time states—how they calculate the time for the state of the records to change. I really need help because I have a ton of questions (I'm using BIND 9.18.31, btw). I want to understand how it works step by step,