Step 4: introduce source keys on destination signer

Written by Roland van Rijswijk in category: Architecture, Procedures, Technical

The purpose of this step is to introduce the DNSKEY records for the active keys from the source signer on the destination signer and to get an RRSIG signature for the new DNSKEY set this will result in using the active keys on the destination signer. The end situation of this step is shown in […]

No Comments

Step 3: configuring the destination signer

Written by Roland van Rijswijk in category: Architecture, Procedures, Technical

The purpose of this step is to configure the destination signer and to transition it to the situation as shown in the diagram below: To reach this situation, the following sub-steps need to be taken: Configure the zone to be migrated on the new signer Launch automated key management on the new signer but do […]

No Comments

Step 2: cleaning up the source signer

Written by Roland van Rijswijk in category: Architecture, Procedures, Technical

The purpose of this step is to clean up the source signer and to transition it to the situation shown in the image below: To reach this state, the following sub-steps need to be taken: Stop automated uploads of the input zone to the destination signer Stop active key management (when using OpenDNSSEC this means […]

No Comments

Step 1: starting situation

Written by Roland van Rijswijk in category: Architecture, Procedures, Technical

The diagram above shows the starting situation on the source signer. The starting situation shown is a typical snapshot of the state of a signer that uses the “ZSK pre-publication” rollover strategy in which a ZSK is pre-published before it is made active and in which old signatures are gradually rolled to the new key […]

No Comments

Signer migration: our goals and assumptions

Written by Roland van Rijswijk in category: Architecture, Procedures, Technical

Introduction As mentioned in the previous post, we will be publishing a series of articles on signer migration. In this article, we will address the goals we set ourselves for the signer migration as well as outline the assumptions we made. We’ll end the article with a brief explanation of the diagrams we will be […]

1 Comments

Signer migration: a step-by-step guide (introduction)

Written by Roland van Rijswijk in category: Architecture, Procedures, Technical

One of our goals with this blog has been to share what we have learned from our DNSSEC deployment with our constituency and the wider Internet community. Last month we performed a complicated operation on our DNSSEC signer deployment: we migrated from the existing signer setup to a completely independently running new signer. We had […]

No Comments

MTU woes and the merits of re-signing

Written by Roland van Rijswijk in category: General, Procedures

Two stories to learn from today… MTU woes I got some news last week that initially got me worried; several colleagues were experiencing DNS problems at home since our secure delegation had been made active (or so it seemed). They had big problems resolving names under the surfnet.nl domain. We mounted an investigation and it […]

No Comments

Procedure: Replacing a failed HSM

Written by Rick van Rein in category: Procedures, Resilience, Security

This procedure is needed when one (not both) Hardware Security Module (or HSM) has failed. Before doing this, it should be established that there is no repair possible.

No Comments

Procedure: Emergency ZSK/KSK rollover

Written by Rick van Rein in category: Procedures, Security, Timing

This is a nasty procedure that must only be performed if private key material of ZSK and/or KSK is (or may have been) compromised. It always leads to temporary unsatisfactory performance, which is why the chances for this are virtually eliminated with our architecture: either the domain drops out of validating resolvers, or it becomes insecure.

No Comments

Procedure: Signer failure

Written by Rick van Rein in category: Procedures, Resilience

If either the master or slave instance of OpenDNSSEC fails, follow the procedures below. It is assumed that an empty instance is available as a cloneable virtual machine.

2 Comments