Re: dns-root-data in Jessie LTS
Ping ? :)
On 13/05/2019 21:14, Sylvain Beucler wrote:
> AFAICS dns-root-data has no reverse-dependency in Jessie (I ran the
> script in a more recent box and got confused).
> Does it make sense to update it after all?
> bind9 ships 3 keys in /etc/bind/bind.keys with the comment "Servers
> which were already using the old key (19036) should roll seamlessly to
> this new one via RFC 5011 rollover" - hmm, so isn't this working as
> unbound doesn't seem to ship any key (I only see the old 19036 in
> testdata/ in the source package).
> However it populated /var/lib/unbound/root.key with 20326 on install.
> On 13/05/2019 20:45, Ondřej Surý wrote:
>> Hi Sylvain,
>> I am actually not sure whether BIND 9 in Jessie already uses dns-root-data,
>> so maybe same procedure will be needed for bind9 package.
>> Could you perhaps also check unbound?
>> This is the most probable cause of the weird traffic with old key that DNS Root Operators
>> see at root servers.
>> Just make sure it contains only the new DNSKEY (2017) and not both.
>> Ondřej Surý
>>> On 14 May 2019, at 01:38, Sylvain Beucler <firstname.lastname@example.org> wrote:
>>> On 13/05/2019 05:43, Ondřej Surý wrote:
>>>> could you please update dns-root-data package in Jessie LTS to latest version from Unstable/Stretch?
>>> I'll backport it following dkg's stretch update.
>>> Besides setting up a bind9, anything we should test?