Exercising RFC 5011 rollovers
p.mayers at imperial.ac.uk
Sat Nov 26 12:44:08 UTC 2011
On 11/26/2011 12:21 PM, Jan-Piet Mens wrote:
>> Feature suggestion: some sort of synthetic clock option to named for
>> use in the test suite ("--test-unixtime-offset") or something?
>> Obviously non-trivial.
> I think Chris'& Evan's suggestion of a public zone that revokes and
> replaces trust anchors periodically (every few hours?) is better suited
> to testing.
Wasn't the point of Evan's mail that you can't roll over every few
"""the RFC requires certain things to take a very long time"""
"""rolling to a new trust anchor and deleting the old one takes over a
Certainly a test zone is a good idea, but unless you create lots of them
with staggered rollovers, you'll have quite a lag before you see a
problem e.g. in a new version of bind. Though I guess there no
particular difficulty in creating a lot of them.
The synthetic clock approach is used in other large applications and
framework test suites to simulate long time windows, and will tell you
in seconds rather than hours or days. Maybe something to consider in
More information about the bind-users