[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: dns-root-data in Jessie LTS


AFAICS dns-root-data has no reverse-dependency in Jessie (I ran the
script in a more recent box and got confused).
Does it make sense to update it after all?

bind9 ships 3 keys in /etc/bind/bind.keys with the comment "Servers
which were already using the old key (19036) should roll seamlessly to
this new one via RFC 5011 rollover" - hmm, so isn't this working as

unbound doesn't seem to ship any key (I only see the old 19036 in
testdata/ in the source package).
However it populated /var/lib/unbound/root.key with 20326 on install.


On 13/05/2019 20:45, Ondřej Surý wrote:
> Hi Sylvain,
> I am actually not sure whether BIND 9 in Jessie already uses dns-root-data,
> so maybe same procedure will be needed for bind9 package.
> Could you perhaps also check unbound?
> This is the most probable cause of the weird traffic with old key that DNS Root Operators
> see at root servers.
> Just make sure it contains only the new DNSKEY (2017) and not both.
> Thanks,
> Ondrej
> --
> Ondřej Surý
> ondrej@isc.org
>> On 14 May 2019, at 01:38, Sylvain Beucler <beuc@beuc.net> wrote:
>> Hi,
>> On 13/05/2019 05:43, Ondřej Surý wrote:
>>> could you please update dns-root-data package in Jessie LTS to latest version from Unstable/Stretch?
>> I'll backport it following dkg's stretch update.
>> Besides setting up a bind9, anything we should test?
>> Cheers!
>> Sylvain

Reply to: