[Opendnssec-user] Parent info
Rickard Bellgrim
rickard at opendnssec.org
Wed Mar 7 08:38:23 UTC 2012
>> Now only left is the <PropagationDelay>, which is "the interval
>> between the time a new KSK is published in the zone and the time that
>> the DS record appears in the parent zone".
>
> I think this is used when you want a automatic KSK rollover (but I'm
> not completely sure about that).
>
>> I'm not sure why this is needed? Aren't you supposed to manually tell
>> that the DS is "seen"?
>
> Then you are using a manual KSK rollover procedure.
There is no difference between automatic and manual KSK rollover. The
same process and commands do apply. The worst case scenario for the
PropagationDelay of the parent zone is roughly equal to the parents
SOA expire value.
// Rickard
More information about the Opendnssec-user
mailing list