Tony Finch · Oct 11, 2018 · 9:24 AM UTC

Tony Finch

Tony Finch @fanf

11 Oct 2018

Checking ahead of the DNSSEC root KSK rollover ... all my resolvers have a ttl > 24h for the root DNSKEY RRset, so I plan to give them a delicate kick after H-hour to ensure things are OK before I head to Amsterdam tomorrow

Daniel Silverstone 💉💉💉💉² 🏳️‍🌈🇬🇧 · Oct 11, 2018 · 9:28 AM UTC

Daniel Silverstone 💉💉💉💉² 🏳️‍🌈🇬🇧 · Oct 11, 2018 · 9:28 AM UTC

Daniel Silverstone 💉💉💉💉² 🏳️‍🌈🇬🇧 @dsilverstone

11 Oct 2018

Replying to @fanf

I've had to deal with a number of KSK rollovers for the first time in production recently. I only fluffed up one of them (the most important one) :-) I need to see if I can automate GANDI to update the KSKs

Oct 11, 2018 · 9:28 AM UTC

Tony Finch · Oct 11, 2018 · 9:32 AM UTC

Tony Finch @fanf

11 Oct 2018

Replying to @dsilverstone

I have some old half-finished code for talking to their XML-RPC service, but I don't know if that is still a thing after their revamp (I'm gradually moving our non ac.uk domains for stupid biiling reasons)

Daniel Silverstone 💉💉💉💉² 🏳️‍🌈🇬🇧 · Oct 11, 2018 · 9:58 AM UTC

Daniel Silverstone 💉💉💉💉² 🏳️‍🌈🇬🇧 @dsilverstone

11 Oct 2018

Mmm, I just want a way to send them signed instructions for DNS changes. PGP signed email would be fine :-D

more replies

Peter van Dijk · Oct 11, 2018 · 12:07 PM UTC

Peter van Dijk @Habbie

11 Oct 2018

Replying to @dsilverstone @fanf

I understand GANDI is in on CDS/CDNSKEY, should make things easier

Tony Finch · Oct 11, 2018 · 12:14 PM UTC

Tony Finch @fanf

11 Oct 2018

Ooh nice :-)