5011 Calculator

This page allows you to insert parameters that show how RFC5011 parameters affect the proposed refinement timing in draft-ietf-dnsop-rfc5011-security-considerations. This simulation does not (yet) simulate network failures, only delays. You're welcome to clone the source for this page on github

The following publishing parameters can be used to control the timing results:

Add Hold Down Time

You probably don't want to change this

publicationTime

Unix epoch timestamp (zero is easiest on humans)

sigExpirationTime

TTL

of the DNSKEY RRSIGs

Delay Drift Safety

Should be minimum of activeRefesh!
(Any clock drift may result in a resolver delaying acceptance up to one activeRefesh value)

Retry Safety Margin

A reasonable amount of buffer; see draft Section 6.1.8 for suggested values.

The following are resolvers simulation parameters:

Resolver Query Offset Amount

Amount beyond publication the resolver will first query;
Will be limit to an upper value of activeRefresh-1 (see below).

Resolver Query Drift Amount

Network, clock drift and calculation delays that delay subsequent queries.

Is Being Attacked

Is the resolver under a successful replay attack?

Calculated Parameters:

activeRefresh

The resolver will query every this many sceonds + the drift amount

activeRefreshOffset

If non-zero, the addHoldDownTime is not divisble by activeRefresh.

Timing Results

The goal is to never have the green "DNSKEY Accepted" line's mark greater than the appropriate red line.

Timestamp	Human Time	Note
0	0d 0h 0m 0s	Resolver Queries New DNSKEY Publication
604800	7d 0h 0m 0s	Resolver Queries sigExpirationTime = Original DNSKEY RRSIG Expires
604800	7d 0h 0m 0s	DNSKEY First seen
3196800	37d 0h 0m 0s	Resolver Queries sigExpirationTime + addHoldDownTimer
3196800	37d 0h 0m 0s	DNSKEY Accepted
3240000	37d 12h 0m 0s	Resolver Queries sigExpirationTime + addHoldDownTimer + activeRefresh
3240000	37d 12h 0m 0s	sigExpirationTime + addHoldDownTimer + activeRefresh + activeRefreshOffset
3326400	38d 12h 0m 0s	Resolver Queries sigExpirationTime + addHoldDownTimer + activeRefresh + driftSafety
3326400	38d 12h 0m 0s	sigExpirationTime + addHoldDownTimer + activeRefresh + activeRefreshOffset + driftSafety
3412800	39d 12h 0m 0s	Resolver Queries sigExpirationTime + addHoldDownTimer + activeRefresh + driftSafety + retrySafety

Timing Results Detail Table

Timestamp	Human Time	Event	State	Extra Info
0	0d 0h 0m 0s	Resolver Queries New DNSKEY Publication	Scanning
43200	0d 12h 0m 0s	Resolver Queries	Scanning
86400	1d 0h 0m 0s	Resolver Queries	Scanning
129600	1d 12h 0m 0s	Resolver Queries	Scanning
172800	2d 0h 0m 0s	Resolver Queries	Scanning
216000	2d 12h 0m 0s	Resolver Queries	Scanning
259200	3d 0h 0m 0s	Resolver Queries	Scanning
302400	3d 12h 0m 0s	Resolver Queries	Scanning
345600	4d 0h 0m 0s	Resolver Queries	Scanning
388800	4d 12h 0m 0s	Resolver Queries	Scanning
432000	5d 0h 0m 0s	Resolver Queries	Scanning
475200	5d 12h 0m 0s	Resolver Queries	Scanning
518400	6d 0h 0m 0s	Resolver Queries	Scanning
561600	6d 12h 0m 0s	Resolver Queries	Scanning
604800	7d 0h 0m 0s	Resolver Queries sigExpirationTime = Original DNSKEY RRSIG Expires	DNSKEY First seen
648000	7d 12h 0m 0s	Resolver Queries	Waiting in holdDown	holdDownTimer = 0
691200	8d 0h 0m 0s	Resolver Queries	Waiting in holdDown	holdDownTimer = 86400
734400	8d 12h 0m 0s	Resolver Queries	Waiting in holdDown	holdDownTimer = 129600
777600	9d 0h 0m 0s	Resolver Queries	Waiting in holdDown	holdDownTimer = 172800
820800	9d 12h 0m 0s	Resolver Queries	Waiting in holdDown	holdDownTimer = 216000
864000	10d 0h 0m 0s	Resolver Queries	Waiting in holdDown	holdDownTimer = 259200
907200	10d 12h 0m 0s	Resolver Queries	Waiting in holdDown	holdDownTimer = 302400
950400	11d 0h 0m 0s	Resolver Queries	Waiting in holdDown	holdDownTimer = 345600
993600	11d 12h 0m 0s	Resolver Queries	Waiting in holdDown	holdDownTimer = 388800
1036800	12d 0h 0m 0s	Resolver Queries	Waiting in holdDown	holdDownTimer = 432000
1080000	12d 12h 0m 0s	Resolver Queries	Waiting in holdDown	holdDownTimer = 475200
1123200	13d 0h 0m 0s	Resolver Queries	Waiting in holdDown	holdDownTimer = 518400
1166400	13d 12h 0m 0s	Resolver Queries	Waiting in holdDown	holdDownTimer = 561600
1209600	14d 0h 0m 0s	Resolver Queries	Waiting in holdDown	holdDownTimer = 604800
1252800	14d 12h 0m 0s	Resolver Queries	Waiting in holdDown	holdDownTimer = 648000
1296000	15d 0h 0m 0s	Resolver Queries	Waiting in holdDown	holdDownTimer = 691200
1339200	15d 12h 0m 0s	Resolver Queries	Waiting in holdDown	holdDownTimer = 734400
1382400	16d 0h 0m 0s	Resolver Queries	Waiting in holdDown	holdDownTimer = 777600
1425600	16d 12h 0m 0s	Resolver Queries	Waiting in holdDown	holdDownTimer = 820800
1468800	17d 0h 0m 0s	Resolver Queries	Waiting in holdDown	holdDownTimer = 864000
1512000	17d 12h 0m 0s	Resolver Queries	Waiting in holdDown	holdDownTimer = 907200
1555200	18d 0h 0m 0s	Resolver Queries	Waiting in holdDown	holdDownTimer = 950400
1598400	18d 12h 0m 0s	Resolver Queries	Waiting in holdDown	holdDownTimer = 993600
1641600	19d 0h 0m 0s	Resolver Queries	Waiting in holdDown	holdDownTimer = 1036800
1684800	19d 12h 0m 0s	Resolver Queries	Waiting in holdDown	holdDownTimer = 1080000
1728000	20d 0h 0m 0s	Resolver Queries	Waiting in holdDown	holdDownTimer = 1123200
1771200	20d 12h 0m 0s	Resolver Queries	Waiting in holdDown	holdDownTimer = 1166400
1814400	21d 0h 0m 0s	Resolver Queries	Waiting in holdDown	holdDownTimer = 1209600
1857600	21d 12h 0m 0s	Resolver Queries	Waiting in holdDown	holdDownTimer = 1252800
1900800	22d 0h 0m 0s	Resolver Queries	Waiting in holdDown	holdDownTimer = 1296000
1944000	22d 12h 0m 0s	Resolver Queries	Waiting in holdDown	holdDownTimer = 1339200
1987200	23d 0h 0m 0s	Resolver Queries	Waiting in holdDown	holdDownTimer = 1382400
2030400	23d 12h 0m 0s	Resolver Queries	Waiting in holdDown	holdDownTimer = 1425600
2073600	24d 0h 0m 0s	Resolver Queries	Waiting in holdDown	holdDownTimer = 1468800
2116800	24d 12h 0m 0s	Resolver Queries	Waiting in holdDown	holdDownTimer = 1512000
2160000	25d 0h 0m 0s	Resolver Queries	Waiting in holdDown	holdDownTimer = 1555200
2203200	25d 12h 0m 0s	Resolver Queries	Waiting in holdDown	holdDownTimer = 1598400
2246400	26d 0h 0m 0s	Resolver Queries	Waiting in holdDown	holdDownTimer = 1641600
2289600	26d 12h 0m 0s	Resolver Queries	Waiting in holdDown	holdDownTimer = 1684800
2332800	27d 0h 0m 0s	Resolver Queries	Waiting in holdDown	holdDownTimer = 1728000
2376000	27d 12h 0m 0s	Resolver Queries	Waiting in holdDown	holdDownTimer = 1771200
2419200	28d 0h 0m 0s	Resolver Queries	Waiting in holdDown	holdDownTimer = 1814400
2462400	28d 12h 0m 0s	Resolver Queries	Waiting in holdDown	holdDownTimer = 1857600
2505600	29d 0h 0m 0s	Resolver Queries	Waiting in holdDown	holdDownTimer = 1900800
2548800	29d 12h 0m 0s	Resolver Queries	Waiting in holdDown	holdDownTimer = 1944000
2592000	30d 0h 0m 0s	Resolver Queries	Waiting in holdDown	holdDownTimer = 1987200
2635200	30d 12h 0m 0s	Resolver Queries	Waiting in holdDown	holdDownTimer = 2030400
2678400	31d 0h 0m 0s	Resolver Queries	Waiting in holdDown	holdDownTimer = 2073600
2721600	31d 12h 0m 0s	Resolver Queries	Waiting in holdDown	holdDownTimer = 2116800
2764800	32d 0h 0m 0s	Resolver Queries	Waiting in holdDown	holdDownTimer = 2160000
2808000	32d 12h 0m 0s	Resolver Queries	Waiting in holdDown	holdDownTimer = 2203200
2851200	33d 0h 0m 0s	Resolver Queries	Waiting in holdDown	holdDownTimer = 2246400
2894400	33d 12h 0m 0s	Resolver Queries	Waiting in holdDown	holdDownTimer = 2289600
2937600	34d 0h 0m 0s	Resolver Queries	Waiting in holdDown	holdDownTimer = 2332800
2980800	34d 12h 0m 0s	Resolver Queries	Waiting in holdDown	holdDownTimer = 2376000
3024000	35d 0h 0m 0s	Resolver Queries	Waiting in holdDown	holdDownTimer = 2419200
3067200	35d 12h 0m 0s	Resolver Queries	Waiting in holdDown	holdDownTimer = 2462400
3110400	36d 0h 0m 0s	Resolver Queries	Waiting in holdDown	holdDownTimer = 2505600
3153600	36d 12h 0m 0s	Resolver Queries	Waiting in holdDown	holdDownTimer = 2548800
3196800	37d 0h 0m 0s	Resolver Queries sigExpirationTime + addHoldDownTimer	DNSKEY Accepted
3240000	37d 12h 0m 0s	Resolver Queries sigExpirationTime + addHoldDownTimer + activeRefresh	DNSKEY Accepted
3240000	37d 12h 0m 0s	sigExpirationTime + addHoldDownTimer + activeRefresh + activeRefreshOffset	DNSKEY Accepted
3283200	38d 0h 0m 0s	Resolver Queries	DNSKEY Accepted
3326400	38d 12h 0m 0s	Resolver Queries sigExpirationTime + addHoldDownTimer + activeRefresh + driftSafety	DNSKEY Accepted
3326400	38d 12h 0m 0s	sigExpirationTime + addHoldDownTimer + activeRefresh + activeRefreshOffset + driftSafety	DNSKEY Accepted
3369600	39d 0h 0m 0s	Resolver Queries	DNSKEY Accepted
3412800	39d 12h 0m 0s	Resolver Queries sigExpirationTime + addHoldDownTimer + activeRefresh + driftSafety + retrySafety	DNSKEY Accepted
3456000	40d 0h 0m 0s	Resolver Queries	DNSKEY Accepted
3499200	40d 12h 0m 0s	Resolver Queries	DNSKEY Accepted
3542400	41d 0h 0m 0s	Resolver Queries	DNSKEY Accepted
3585600	41d 12h 0m 0s	Resolver Queries	DNSKEY Accepted
3628800	42d 0h 0m 0s	Resolver Queries	DNSKEY Accepted
3672000	42d 12h 0m 0s	Resolver Queries	DNSKEY Accepted
3715200	43d 0h 0m 0s	Resolver Queries	DNSKEY Accepted
3758400	43d 12h 0m 0s	Resolver Queries	DNSKEY Accepted
3801600	44d 0h 0m 0s	Resolver Queries	DNSKEY Accepted
3844800	44d 12h 0m 0s	Resolver Queries	DNSKEY Accepted
3888000	45d 0h 0m 0s	Resolver Queries	DNSKEY Accepted
3931200	45d 12h 0m 0s	Resolver Queries	DNSKEY Accepted
3974400	46d 0h 0m 0s	Resolver Queries	DNSKEY Accepted
4017600	46d 12h 0m 0s	Resolver Queries	DNSKEY Accepted
4060800	47d 0h 0m 0s	Resolver Queries	DNSKEY Accepted
4104000	47d 12h 0m 0s	Resolver Queries	DNSKEY Accepted
4147200	48d 0h 0m 0s	Resolver Queries	DNSKEY Accepted
4190400	48d 12h 0m 0s	Resolver Queries	DNSKEY Accepted
4233600	49d 0h 0m 0s	Resolver Queries	DNSKEY Accepted
4276800	49d 12h 0m 0s	Resolver Queries	DNSKEY Accepted
4320000	50d 0h 0m 0s	Resolver Queries	DNSKEY Accepted
4363200	50d 12h 0m 0s	Resolver Queries	DNSKEY Accepted
4406400	51d 0h 0m 0s	Resolver Queries	DNSKEY Accepted
4449600	51d 12h 0m 0s	Resolver Queries	DNSKEY Accepted
4492800	52d 0h 0m 0s	Resolver Queries	DNSKEY Accepted
4536000	52d 12h 0m 0s	Resolver Queries	DNSKEY Accepted
4579200	53d 0h 0m 0s	Resolver Queries	DNSKEY Accepted
4622400	53d 12h 0m 0s	Resolver Queries	DNSKEY Accepted
4665600	54d 0h 0m 0s	Resolver Queries	DNSKEY Accepted