ece92bb0f46d06820e36031d5457ec00ca3ea8f9
services/New-DNS.md
... | ... | @@ -39,6 +39,6 @@ These instances do not serve any clients. They poll the registry regularly and r |
39 | 39 | burble is providing monitoring for the new DNS system. It does simple checks on all instances every minute and also logs all changes into #dn42-dns@hackint. |
40 | 40 | |
41 | 41 | # DNSSEC |
42 | -There are currently two KSKs managed by JRB0001-MNT and YAMAKAJA-MNT. They are used once per quarter to sign the DNSKEY RRset. Each master operator has one ZSK which is used to sign the zones (except for the DNSKEY RRset). This setup leads to bigger responses but allows each KSK holder to solve emergencies independently. The signatures of the DNSKEY RRset are valid until the end of the first month of the next quarter to give enough time for coordinating the next siging. All other signatures are valid for 3 days and replaced at least once per day. |
|
42 | +There are currently two KSKs managed by BURBLE-MNT and JRB0001-MNT. They are used once per quarter to sign the DNSKEY RRset. Each master operator has one ZSK which is used to sign the zones (except for the DNSKEY RRset). This setup leads to bigger responses but allows each KSK holder to solve emergencies independently. The signatures of the DNSKEY RRset are valid until the end of the first month of the next quarter to give enough time for coordinating the next siging. All other signatures are valid for 3 days and replaced at least once per day. |
|
43 | 43 | |
44 | 44 | The set of valid KSKs can be found in the registry. |
... | ... | \ No newline at end of file |