March 25, 2015
4:27 a.m.
Evan,
On Tue, Mar 24, 2015 at 04:25:04PM -0400, Michael StJohns wrote:
One of the discussions we've been having about 5011 roll overs is that there's no way to tell whether or not they are "taking" because there's no way to check the resolvers externally.
Why do we need to check externally?
How can we (the folks who are responsible for the KSK) tell if it is safe to revoke the old KSK?
(For that matter what exactly do you mean by "externally"?
From a non-local vantage point.
Most resolvers won't answer queries from outside their local networks anyway.)
There is that. Regards, -drc