Re: dns-root-data in Jessie LTS
Ping ? :)
On 13/05/2019 21:14, Sylvain Beucler wrote:
> Hi,
>
> AFAICS dns-root-data has no reverse-dependency in Jessie (I ran the
> script in a more recent box and got confused).
> Does it make sense to update it after all?
>
> bind9 ships 3 keys in /etc/bind/bind.keys with the comment "Servers
> which were already using the old key (19036) should roll seamlessly to
> this new one via RFC 5011 rollover" - hmm, so isn't this working as
> intended?
>
> unbound doesn't seem to ship any key (I only see the old 19036 in
> testdata/ in the source package).
> However it populated /var/lib/unbound/root.key with 20326 on install.
>
> Cheers!
> Sylvain
>
> On 13/05/2019 20:45, Ondřej Surý wrote:
>> Hi Sylvain,
>>
>> I am actually not sure whether BIND 9 in Jessie already uses dns-root-data,
>> so maybe same procedure will be needed for bind9 package.
>>
>> Could you perhaps also check unbound?
>>
>> This is the most probable cause of the weird traffic with old key that DNS Root Operators
>> see at root servers.
>>
>> Just make sure it contains only the new DNSKEY (2017) and not both.
>>
>> Thanks,
>> Ondrej
>> --
>> Ondřej Surý
>> ondrej@isc.org
>>
>>> On 14 May 2019, at 01:38, Sylvain Beucler <beuc@beuc.net> wrote:
>>>
>>> Hi,
>>>
>>> On 13/05/2019 05:43, Ondřej Surý wrote:
>>>> could you please update dns-root-data package in Jessie LTS to latest version from Unstable/Stretch?
>>> I'll backport it following dkg's stretch update.
>>>
>>> Besides setting up a bind9, anything we should test?
>>>
>>> Cheers!
>>> Sylvain
Reply to: