Web lists-archives.com

Re: DNS Key rollover




	Hi.

Please do not top post.

On Thu, Oct 04, 2018 at 02:15:52PM -0400, Default User wrote:
> Hi, Henning.
> 
> I am running Unstable, with 4.18.0-2 amd-64 kernel, all updated.
> 
> I don't know anything about bind. How do I know what bind version I am
> running, and if I need to do anything regarding the change you mentioned?

Stretch's bind has this public part of root's KSK:

# grep -A2 20326 /etc/bind/bind.keys
        # This key (20326) is to be published in the root zone in 2017.
        # Servers which were already using the old key (19036) should
        # roll seamlessly to this new one via RFC 5011 rollover. Servers

If you have the same - there's nothing to do.
If you don't - DNSSEC will stop working for you in seven days.
If you do not use BIND - there's nothing to do.

Reco