In message <26b62956-fe40-4f21-9e75-49ba7c3b8...@dnss.ec>, Roy Arends writes: > On Sep 10, 2009, at 9:17 PM, David Conrad wrote: > > > The issue is that ISC harvests data from the ITAR and they didn't > > synch the change submitted by PR to the ITAR. > > Indeed. > > DLV registries that choose to sync with ITARs should do that > regularly. Synching once a week is ridiculously low. > > Why should the operators of PR care about this DLV? What if some other > DLV decides to synch with itar once a month? How does PR or some other > registry with keys in ITAR know which DLV synch's how often with what > TAR? > > The problem is DLV. Not ITAR. Not PR.
Actually there is blame all round. PR for not performing a key rollover correctly. They still havn't updated their own web site <http://dnssec.nic.pr/serverconf.php> so there will be people who haven't been informed yet. trusted-keys { "pr." 256 3 5 "BQEAAAABvS8Q64q8v62DW3y4EtUmsHr0dpU9Mizo63NXFMlEA4UaO88s B5il79Mb J0dzmRZ7M+j/E5pVSTTazJsK6LMnncBF3bwMWo4/nVVB0d9E 6CsClsJFU+A0a8kWI Z+aXuqUHO7QZ88qG7cwLbTNwHeo1X+ArvXgXmU6 OaemL3v5+eU="; "pr." 257 3 5 "AwEAAc6SkFSHw00wJFUWd1Td/efsxhfX+UTrxrzqQXNuZ8Qj2PiP6p/m BxysJt06 XgSCB41CPhkgvgqrtdaJ/hXKG81xNXUcGfqvV9wYMJnN+oBB /lLaQU/39fWaNc4fB GiRI2dNDVKPry2YX6y04YrEGRM+wf6HWHVdW1Js xuMuDOSr"; }; ITAR for not publishing a polling interval. I would recommend that it be in line with the TTL that they are going to use on the DS records. I would expect this to be 1-2 days. ISC for having a highish polling interval. I've recommending that ISC drops the poll interval down to 1 hour which is inline with the TTL of the DLV record. ISC needs to make sure its polling interval of the ITAR + DLV TTL is less than the maximim ITAR polling interval so that no extra delay is added. Mark > Roy > > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
