Yoshiro YONEYA (yoshiro.yoneya) writes:
>
> Indeed, the document is imcomplete, and need feedbacks from experiences.
There are indeed many ways to facilitate recovery, not all of them
practical or realistic.
Here's one that's more in the realm of prevention, but would faciliate
recovery, assuming the implementation doesn't suffer from the same
operational errors that led the zone owner to consider recovery in
the first place, and assuming the DS-set has been completely borked
by the parent:
Case 6: always have a backup (fallback) DS, published alongside the
existing (production) DS record or records (during rollover) currently
associated with the currently active (production) KSK.
Keep this backup KSK in a safe place, and in case of serious SNAFU with
the existing DS-KSK couple, pull the backup KSK out of the Safe Place,
and start signing the ZSK with that. The DS-set containing the active +
backup KSK being by definition always published, this should allow for
faster convergence (assuming a fairly low TTL for the DNSKEY RRset in
the signed zone).
The problem with the ID may be that there are so many different ways
of doing this (hinted at by the phrase "Registration system (or zone
generation system) of parent zone will be complicated.")...
Phil
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
