On Sun, Nov 29, 2020 at 05:19:14PM -0500, Olafur Gudmundsson wrote:
> As this is going to be an Async operation this is the ONLY right order of
> execution.
Note, that at the time I observed the issue, the order was wrong:
https://dnsviz.net/d/ie/X8GL6A/dnssec/
Algorithm 8 *was* present in the DS RRset, and was absent from the
DNSKEY RRset.
> As presence of an algorithm in DS set is a “contract” that the zone is
> signed by that algorithm, now that 8 has been removed from the DS set
> it can next be removed from the DNSKEY set and then the RRSIG’s can be
> deleted.
This got remediated some time later, and now the order is correct.
--
Viktor.
_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
