Hi Evan, can you elaborate on the looping bug? For example, what combination of configuration statements would cause this, and why was a revoked key special in this case. Thanks Roy
On 4 Apr 2019, at 12:50, Evan Hunt <each@isc.org> wrote:
On Thu, Apr 04, 2019 at 09:23:17AM -0700, Wes Hardaker wrote:
Once the revoked key is removed, it stops.
Removed from where? the root zone? the cache? The managed keys file?
Root zone. As far as I can tell it never reaches the cache at all.
Reminder: I was in an airport and working quickly right before the flight and right before the 22nd, when the revoked key would be removed. I'm not *positive* there was a correlation between requests and outgoing DNSKEY queries since this is from memory and because I was working quickly I may not have hit the right conclusion. Wish I had saved pcaps...
Perhaps, but you described a number of behaviors that were significantly different, including intermittency, burstiness, and the fact that the release you were testing should've had the fix for the looping problem... so there may well be two different bugs. After I'm done with jetlag recovery I'm planning to build a test environment and keep looking.
-- Evan Hunt -- each@isc.org Internet Systems Consortium, Inc. _______________________________________________ ksk-rollover mailing list ksk-rollover@icann.org https://mm.icann.org/mailman/listinfo/ksk-rollover