[Opendnssec-user] key ds-seen / Registry Anycast DNS
Volker Janzen
voja at voja.de
Thu Dec 19 09:16:04 UTC 2013
Hi,
I'm currently working on automated KSK rollovers with my registrar's
API. I remember a discussion that it's difficult to say if a DS record
can be assumed as seen, because with Anycast DNS you cannot check all
nameservers from your location (or even when using load-balanced
nameservers, you cannot check all nodes). Does anyone know / can
suggest how long after a DS update at the registry I should wait before
I take the DS as seen via DNS lookup? E.g. 24 hours?
Regards,
Volker