All,
I'm about to submit the change request for signing our zones, and in our
standard-form requests I'm required to submit a backout plan.
What is the recommended/safe rollout/backout plan for signing a zone? I
presume it goes something like this:
1. Insert DNSKEY records; wait for them to propagate (SOA TTL)
2. Sign the zone, increment the serial#, re-publish
3. Observe operation
4. If all is well, publish DLV record (or DS to parent)
Assume this happens and *then* a problem is reported; how do I roll
back? I note the TTLs in "dlv.isc.org" are 3600, so presumably it will
take an hour (worst case) to "unpublish" a DLV.
Comments welcome.
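As an added illustration (not from the post or its thread) of why the backout has to run in the reverse order of the four rollout steps: a small Python model of what a validating resolver concludes at each state, and a planner that walks the steps back without ever producing a "bogus" result. The TTL figures and the step wording are assumptions.

```python
"""Backout planner for a freshly signed zone (added example, constructed TTLs)."""
from dataclasses import dataclass
from typing import List, Tuple


@dataclass
class ZoneState:
    dnskey_published: bool   # rollout step 1 done: DNSKEY RRset in the zone
    signed: bool             # rollout step 2 done: RRSIGs present
    ds_published: bool       # rollout step 4 done: DS at parent (or DLV record)


def validator_outcome(zone: ZoneState, ds_cached: bool) -> str:
    """What a validating resolver concludes: 'secure', 'insecure' or 'bogus'.

    ds_cached: the resolver still holds a DS/DLV for the zone that it fetched
    before the record was withdrawn. A DS that is neither published nor cached
    ends the chain of trust at the parent: 'insecure', answers are accepted.
    """
    if not (zone.ds_published or ds_cached):
        return "insecure"
    if zone.dnskey_published and zone.signed:
        return "secure"
    # The DS promises a signed zone but the zone cannot prove it: SERVFAIL.
    return "bogus"


def worst_case_outcome(zone: ZoneState, since_ds_withdrawn: int, ds_ttl: int) -> str:
    """Outcome for the unluckiest resolver: it fetched the DS/DLV one second
    before withdrawal, so it keeps trusting it for the full DS TTL."""
    return validator_outcome(zone, ds_cached=since_ds_withdrawn < ds_ttl)


def backout_plan(zone: ZoneState, ds_ttl: int, zone_ttl: int) -> List[Tuple[str, int]]:
    """Reverse the rollout. Returns (action, seconds to wait before the next one).

    The DS/DLV must go first and its TTL must fully elapse before any RRSIG or
    DNSKEY is removed; removing them earlier turns cached-DS resolvers bogus.
    """
    plan = []
    if zone.ds_published:
        plan.append(("withdraw DS at parent / DLV record", ds_ttl))
    if zone.signed or zone.dnskey_published:
        plan.append(("remove RRSIGs and DNSKEY, bump serial, republish", zone_ttl))
    return plan


def safe_to_unsign(since_ds_withdrawn: int, ds_ttl: int) -> bool:
    """True once no resolver can still hold the withdrawn DS/DLV in cache."""
    return since_ds_withdrawn >= ds_ttl
```

Running the plan with the post's DLV TTL of 3600 gives a one-hour wait after withdrawing the DLV record before the zone may be unsigned; stripping RRSIGs at minute 30 would be reported as bogus by any resolver that cached the DLV just before withdrawal.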