Closed
Bug 872884
Opened 11 years ago
Closed 11 years ago
dnssec: document ZSK and KSK renewal/rollover process
Categories
(Infrastructure & Operations :: DNS and Domain Registration, task)
Tracking
(Not tracked)
RESOLVED
INVALID
People
(Reporter: Atoll, Assigned: bhourigan)
References
Details
We occasionally need to regenerate the DNSSEC signing keys - usually ZSK (zone), rarely KSK (key). A rollover process is required [1] but needs to be fleshed out into a formal runbook-type process, including notes [2] about what we learned while fixing bug 872831. [1] https://mana.mozilla.org/wiki/display/SYSADMIN/DNSSEC [2] MarkMonitor change limits, rollover process requirements, how to validate published data, incomprehensible errors from dnssec-signzone, key expiration monitoring
Updated•11 years ago
|
Group: infra
Updated•11 years ago
|
Assignee: server-ops → server-ops-infra
Component: Server Operations → Server Operations: Infrastructure
QA Contact: shyam → jdow
Updated•11 years ago
|
Assignee: server-ops-infra → bhourigan
Updated•11 years ago
|
Component: Server Operations: Infrastructure → Infrastructure: Other
Product: mozilla.org → Infrastructure & Operations
Updated•11 years ago
|
Component: Infrastructure: Other → Infrastructure: DNS
Assignee | ||
Comment 2•11 years ago
|
||
We now use an external DNS provider and no longer have the need to maintain our own DNSSEC keys.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → INVALID
You need to log in
before you can comment on or make changes to this bug.
Description
•