Re: dns-root-data in Jessie LTS
Hi,
AFAICS dns-root-data has no reverse-dependency in Jessie (I ran the
script in a more recent box and got confused).
Does it make sense to update it after all?
bind9 ships 3 keys in /etc/bind/bind.keys with the comment "Servers
which were already using the old key (19036) should roll seamlessly to
this new one via RFC 5011 rollover" - hmm, so isn't this working as
intended?
unbound doesn't seem to ship any key (I only see the old 19036 in
testdata/ in the source package).
However it populated /var/lib/unbound/root.key with 20326 on install.
Cheers!
Sylvain
On 13/05/2019 20:45, Ondřej Surý wrote:
> Hi Sylvain,
>
> I am actually not sure whether BIND 9 in Jessie already uses dns-root-data,
> so maybe same procedure will be needed for bind9 package.
>
> Could you perhaps also check unbound?
>
> This is the most probable cause of the weird traffic with old key that DNS Root Operators
> see at root servers.
>
> Just make sure it contains only the new DNSKEY (2017) and not both.
>
> Thanks,
> Ondrej
> --
> Ondřej Surý
> ondrej@isc.org
>
>> On 14 May 2019, at 01:38, Sylvain Beucler <beuc@beuc.net> wrote:
>>
>> Hi,
>>
>> On 13/05/2019 05:43, Ondřej Surý wrote:
>>> could you please update dns-root-data package in Jessie LTS to latest version from Unstable/Stretch?
>> I'll backport it following dkg's stretch update.
>>
>> Besides setting up a bind9, anything we should test?
>>
>> Cheers!
>> Sylvain
>>
Reply to: