Re: dns-root-data in Jessie LTS
AFAICS dns-root-data has no reverse-dependency in Jessie (I ran the
script in a more recent box and got confused).
Does it make sense to update it after all?
bind9 ships 3 keys in /etc/bind/bind.keys with the comment "Servers
which were already using the old key (19036) should roll seamlessly to
this new one via RFC 5011 rollover" - hmm, so isn't this working as
unbound doesn't seem to ship any key (I only see the old 19036 in
testdata/ in the source package).
However it populated /var/lib/unbound/root.key with 20326 on install.
On 13/05/2019 20:45, Ondřej Surý wrote:
> Hi Sylvain,
> I am actually not sure whether BIND 9 in Jessie already uses dns-root-data,
> so maybe same procedure will be needed for bind9 package.
> Could you perhaps also check unbound?
> This is the most probable cause of the weird traffic with old key that DNS Root Operators
> see at root servers.
> Just make sure it contains only the new DNSKEY (2017) and not both.
> Ondřej Surý
>> On 14 May 2019, at 01:38, Sylvain Beucler <firstname.lastname@example.org> wrote:
>> On 13/05/2019 05:43, Ondřej Surý wrote:
>>> could you please update dns-root-data package in Jessie LTS to latest version from Unstable/Stretch?
>> I'll backport it following dkg's stretch update.
>> Besides setting up a bind9, anything we should test?