Web lists-archives.com

Re: DNS Key rollover for dnsmasq [SOLVED}




On 07-10-2018 07:11, Rick Thomas wrote:
> On further study, it seems that (in Debian Stretch, at least) the root KSK’s used by dnsmasq are taken from the file /usr/share/dns/root.ds, which is provided by the package dns-root-data; and that package seems to be part of the standard Stretch installation.  That file lists both keys (the new “20326” and the old “19036”). So it’s all set to go.  No need to panic…  (-:

Where did you get that information from? I found nothing about
dns-root-data in dnsmasq package.

I'd just add a new trust-anchor to the configuration. Just copy and
paste from https://github.com/imp/dnsmasq/blob/master/trust-anchors.conf

-- 
	O que eu temo não e a estrategia do inimigo, mas os nossos
	erros
		-- Pericles, filosofo grego

Eduardo M KALINOWSKI
eduardo@xxxxxxxxxxxxxxxxx