Yoshiro YONEYA (yoshiro.yoneya) writes: > > Indeed, the document is imcomplete, and need feedbacks from experiences.
There are indeed many ways to facilitate recovery, not all of them practical or realistic. Here's one that's more in the realm of prevention, but would faciliate recovery, assuming the implementation doesn't suffer from the same operational errors that led the zone owner to consider recovery in the first place, and assuming the DS-set has been completely borked by the parent: Case 6: always have a backup (fallback) DS, published alongside the existing (production) DS record or records (during rollover) currently associated with the currently active (production) KSK. Keep this backup KSK in a safe place, and in case of serious SNAFU with the existing DS-KSK couple, pull the backup KSK out of the Safe Place, and start signing the ZSK with that. The DS-set containing the active + backup KSK being by definition always published, this should allow for faster convergence (assuming a fairly low TTL for the DNSKEY RRset in the signed zone). The problem with the ID may be that there are so many different ways of doing this (hinted at by the phrase "Registration system (or zone generation system) of parent zone will be complicated.")... Phil _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop