IETF Logo Mail Archive

Re: [dnsext] MAR proposal #2: Allowing pre-publishing of DNSKEYs

Joe Abley <jabley@hopcount.ca> Mon, 18 April 2011 14:24 UTC

Return-Path: <jabley@hopcount.ca>
X-Original-To: dnsext@ietfc.amsl.com
Delivered-To: dnsext@ietfc.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfc.amsl.com (Postfix) with ESMTP id 96D91E07DE for <dnsext@ietfc.amsl.com>; Mon, 18 Apr 2011 07:24:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.6
X-Spam-Level:
X-Spam-Status: No, score=-102.6 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, NO_RELAYS=-0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([208.66.40.236]) by localhost (ietfc.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6E6FVoQk4fug for <dnsext@ietfc.amsl.com>; Mon, 18 Apr 2011 07:24:31 -0700 (PDT)
Received: from monster.hopcount.ca (monster.hopcount.ca [IPv6:2001:4900:1:392:213:20ff:fe1b:3bfe]) by ietfc.amsl.com (Postfix) with ESMTP id 1C250E07D9 for <dnsext@ietf.org>; Mon, 18 Apr 2011 07:24:31 -0700 (PDT)
Received: from [2001:4900:1042:100:5a55:caff:feec:96bf] (helo=krill.hopcount.ca) by monster.hopcount.ca with esmtpsa (TLSv1:AES128-SHA:128) (Exim 4.74 (FreeBSD)) (envelope-from <jabley@hopcount.ca>) id 1QBpNC-000A7n-OQ; Mon, 18 Apr 2011 14:24:20 +0000
Mime-Version: 1.0 (Apple Message framework v1084)
Content-Type: text/plain; charset="us-ascii"
From: Joe Abley <jabley@hopcount.ca>
In-Reply-To: <4DABF7FD.5040406@nlnetlabs.nl>
Date: Mon, 18 Apr 2011 10:24:18 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <FE992B5E-A39C-45FB-9358-7FBC97ED3D51@hopcount.ca>
References: <alpine.BSF.2.00.1011180553250.83352@fledge.watson.org> <20110310223438.978E9C0E902@drugs.dv.isc.org> <4D79DDFA.3010006@nlnetlabs.nl> <alpine.BSF.2.00.1103140901170.99213@fledge.watson.org> <20110314213319.A2799C8CA0B@drugs.dv.isc.org> <alpine.BSF.2.00.1103141750530.74870@fledge.watson.org> <a06240800c9a50cf4632a@10.31.200.110> <AANLkTimUUa5zkr+hZH4jR-euENg_n=9EwtRVBN-cxr9_@mail.gmail.com> <a06240802c9a7b6cb4cc3@192.168.1.105> <AANLkTin+hMZ-27VjkQq7_44zNguMiefhxbgGD+-XZxPP@mail.gmail.com> <a06240802c9a7e0807069@10.31.200.117> <AANLkTi=4co5mS3RYhK1BvUMOm54wgNAMeKtk3_Zm0ff1@mail.gmail.com> <a06240802c9a93d762e13@[10.31.200.112]> <a06240803c9a9417e1fe8@[10.31.200.112]> <4D938CC3.1020103@nlnetlabs.nl> <a06240800c9ba6184d535@[10.31.200.112]> <4D94DF2B.1040407@nlnetlabs.nl> <a06240800c9bb6f86edae@[10.31.200.112]> <alpine.BSF.2.00.1104011022030.92106@fledge.watson.org> <alpine.BSF.2.00.1104011024530.92106@fle dge.watson.org> <006901cbfd9c$a3844030$ea8cc090$@lampo@eurid.! eu> <4DABF7FD.5040406@nlnetlabs.nl>
To: Matthijs Mekking <matthijs@nlnetlabs.nl>
X-Mailer: Apple Mail (2.1084)
X-SA-Exim-Connect-IP: 2001:4900:1042:100:5a55:caff:feec:96bf
X-SA-Exim-Mail-From: jabley@hopcount.ca
X-SA-Exim-Scanned: No (on monster.hopcount.ca); SAEximRunCond expanded to false
Cc: Marc Lampo <marc.lampo@eurid.eu>, dnsext@ietf.org
Subject: Re: [dnsext] MAR proposal #2: Allowing pre-publishing of DNSKEYs
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Apr 2011 14:24:31 -0000

On 2011-04-18, at 04:36, Matthijs Mekking wrote:

> Two DS records of which one is pointing
> to a DNSKEY record that does exist and one that doesn't is a valid and
> thus "normal" situation.

It's also commonly observed during a KSK roll in a child zone, especially for TLDs where the process for submitting new DS RRs to the root zone (or removing old ones) is not instantaneous.


Joe

v2.30.2 | Report a Bug | By Email | System Status