OARC 28 (San Juan)

Name: OARC 28 (San Juan)
Start: 2018-03-08T08:30:00-04:00
End: 2018-03-09T18:00:00-04:00
Location: Centro de Convenciones de Puerto Rico

8–9 Mar 2018

Centro de Convenciones de Puerto Rico

America/Puerto_Rico timezone

Overview
Webcast Recordings
Timetable
Contribution List
Co-located Events
About DNS-OARC
Participant List

Support - Help

admin@dns-oarc.net

The Curious Case of the Crippling DS record

8 Mar 2018, 15:00

30m

209-BC (Centro de Convenciones de Puerto Rico)

209-BC

Centro de Convenciones de Puerto Rico

100 Calle Guamaní San Juan 00907 Puerto Rico

Standard Presentation Public Workshop Public Workshop

Roy Arends (ICANN)

When a DNSSEC Key Signing Key (KSK) is rolled, the Delegation Signer (DS) records in the parent are updated as well. A DS record contains the "Digest Type" used to produce the digest over the KSK. Care must be taken when "rolling" the digest type during a KSK roll. It may well cause the entire zone to become bogus. My presentation will show how a Top Level Domain went unreachable due to an obscure requirement in the standard and will show inconsistencies between validator implementations.

Talk Duration	30 Minutes

Roy Arends (ICANN)

Slides

Crippling_DS.pdf

Crippling_DS.pptx

OARC 28 (San Juan)

Support - Help

The Curious Case of the Crippling DS record

209-BC

Centro de Convenciones de Puerto Rico

Speaker

Description

Primary author

Presentation materials