[Opendnssec-develop] Realtime scheduling... off the shelf?
Olaf Kolkman
olaf at NLnetLabs.nl
Fri Jan 16 08:59:25 UTC 2009
On Jan 15, 2009, at 9:27 PM, Rick van Rein wrote:
>
> The most worrysome concerns with DNSSEC would seem to be related to
> timing.
> I've spent some thought on how to get it all flowing well, and you
> inevitably end up with complicating reasonings like:
>
> 1. I can predict how long zone re-signing takes
> 2. I know when re-signing should be done
> 3. So I know when to start re-signing a zone
> 4. Let's keep some space for emergency re-signing popping up
> unexpectedly
> 5. Oops, what if all zones come in at once
I don't see in what use cases this becomes relevant. Iff your
signature validity intervals are so short that they interfere with
resigning frequency and zone signing duration you seem to be on your
way to the gun shop to inflict some serious foot pain.
--Olaf
-----------------------------------------------------------
Olaf M. Kolkman NLnet Labs
Science Park 140,
http://www.nlnetlabs.nl/ 1098 XG Amsterdam
NB: The street at which our offices are located has been
renamed to the above.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 194 bytes
Desc: This is a digitally signed message part
URL: <http://lists.opendnssec.org/pipermail/opendnssec-develop/attachments/20090116/85ef68fd/attachment.bin>
More information about the Opendnssec-develop
mailing list