Re: DNS Key rollover
Please do not top post.
On Thu, Oct 04, 2018 at 02:15:52PM -0400, Default User wrote:
> Hi, Henning.
> I am running Unstable, with 4.18.0-2 amd-64 kernel, all updated.
> I don't know anything about bind. How do I know what bind version I am
> running, and if I need to do anything regarding the change you mentioned?
Stretch's bind has this public part of root's KSK:
# grep -A2 20326 /etc/bind/bind.keys
# This key (20326) is to be published in the root zone in 2017.
# Servers which were already using the old key (19036) should
# roll seamlessly to this new one via RFC 5011 rollover. Servers
If you have the same - there's nothing to do.
If you don't - DNSSEC will stop working for you in seven days.
If you do not use BIND - there's nothing to do.