[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: DNS Key rollover

On Thu, Oct 4, 2018 at 2:33 PM Reco <recoverym4n@enotuniq.net> wrote:

Please do not top post.

On Thu, Oct 04, 2018 at 02:15:52PM -0400, Default User wrote:
> Hi, Henning.
> I am running Unstable, with 4.18.0-2 amd-64 kernel, all updated.
> I don't know anything about bind. How do I know what bind version I am
> running, and if I need to do anything regarding the change you mentioned?

Stretch's bind has this public part of root's KSK:

# grep -A2 20326 /etc/bind/bind.keys
        # This key (20326) is to be published in the root zone in 2017.
        # Servers which were already using the old key (19036) should
        # roll seamlessly to this new one via RFC 5011 rollover. Servers

If you have the same - there's nothing to do.
If you don't - DNSSEC will stop working for you in seven days.
If you do not use BIND - there's nothing to do.


Hi, guys.

I don't even know what bind is.  But did some checking. AFAIK I never installed it, don't use it, and it does not appear to exist on my system. 

So apparently it is irrelevant for me, and will be ignored for now. 
Thanks for the info.

Reply to: