Last Comment Bug 872885 - regenerate key signing key (KSK)
: regenerate key signing key (KSK)
Product: Graveyard
Classification: Graveyard
Component: Server Operations (show other bugs)
: other
: x86 Mac OS X
-- normal (vote)
: ---
Assigned To: server-ops
: Shyam Mani [:fox2mike] (AFK until March 10)
Depends on:
Blocks: 872818
  Show dependency treegraph
Reported: 2013-05-15 21:24 PDT by Richard Soderberg [:atoll]
Modified: 2015-03-12 08:17 PDT (History)
1 user (show)
See Also:
QA Whiteboard:
Iteration: ---
Points: ---


Description User image Richard Soderberg [:atoll] 2013-05-15 21:24:55 PDT
This bug is filed to document that this event occurred tonight for documentation purposes only.
Comment 1 User image Richard Soderberg [:atoll] 2013-05-15 21:31:26 PDT
The KSK for was regenerated around 5pm -0700 at MarkMonitor. We published a dual-signed (old and new KSK) zone around 6pm -0700, and then published a zone signed only by the new KSK at 6:30pm -0700. Between 5pm and 6:30pm, certain validating resolvers (Comcast) encountered sporadic issues resolving; bug 872818 is tracking that event, and bug 872884 is tracking improvements to our process for ZSK/KSK rollover to prevent future outages.

Note You need to log in before you can comment on or make changes to this bug.