Exercising RFC 5011 rollovers

Phil Mayers p.mayers at imperial.ac.uk
Sat Nov 26 12:44:08 UTC 2011

On 11/26/2011 12:21 PM, Jan-Piet Mens wrote:
>> Feature suggestion: some sort of synthetic clock option to named for
>> use in the test suite ("--test-unixtime-offset") or something?
>> Obviously non-trivial.
> Indeed.
> I think Chris'&  Evan's suggestion of a public zone that revokes and
> replaces trust anchors periodically (every few hours?) is better suited
> to testing.

Wasn't the point of Evan's mail that you can't roll over every few 
hours? That:

"""the RFC requires certain things to take a very long time"""


"""rolling to a new trust anchor and deleting the old one takes over a 


Certainly a test zone is a good idea, but unless you create lots of them 
with staggered rollovers, you'll have quite a lag before you see a 
problem e.g. in a new version of bind. Though I guess there no 
particular difficulty in creating a lot of them.

The synthetic clock approach is used in other large applications and 
framework test suites to simulate long time windows, and will tell you 
in seconds rather than hours or days. Maybe something to consider in 
bind 10.


More information about the bind-users mailing list