This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/dns-wg@ripe.net/
[dns-wg] follow up of "Update RIPE's DNS Zonemaster"
- Previous message (by thread): [dns-wg] follow up of "Update RIPE's DNS Zonemaster"
- Next message (by thread): [dns-wg] follow up of "Update RIPE's DNS Zonemaster"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Ondřej Caletka
Ondrej.Caletka at ripe.net
Tue Feb 22 16:28:41 CET 2022
On 19.2. 2022 10:54, Nick Cao via dns-wg wrote: > Strangely, after leaving everything as-is for a day, the rollover has > been completed automatically. Guess that it was the mechanism > documented in > https://www.ripe.net/manage-ips-and-asns/db/support/configuring-reverse-dns#4--automated-update-of-dnssec-delegations > taking effect. However, the same checks would have been applied to > this procedure, or was the system using another instance of zonemaster > or other software? Hello Nick, this was indeed automated update of DS records based on CDS records published in your zone. Since this updater works by using RIPE NCC's superpowers to edit database objects on your behalf, these superpowers also override (or, to be precise, skip) the Zonemaster check. This is generally safe as the updater do all the checks prescribed by RFC 7344. Right now this is really the only way how to automatically upgrade to the newest DNSSEC algorithms which are not supported by the current version of Zonemaster. Unfortunately I cannot tell you anything about why is Zonemaster still not upgraded but hopefully some of my colleagues will do. -- Best regards, Ondřej Caletka RIPE NCC
- Previous message (by thread): [dns-wg] follow up of "Update RIPE's DNS Zonemaster"
- Next message (by thread): [dns-wg] follow up of "Update RIPE's DNS Zonemaster"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ dns-wg Archives ]