Web lists-archives.com

Re: DNS Key rollover for dnsmasq [SOLVED}




On Oct 7, 2018, at 3:36 AM, Eduardo M KALINOWSKI <eduardo@xxxxxxxxxxxxxxxxx> wrote:

> On 07-10-2018 07:11, Rick Thomas wrote:
>> On further study, it seems that (in Debian Stretch, at least) the root KSK’s used by dnsmasq are taken from the file /usr/share/dns/root.ds, which is provided by the package dns-root-data; and that package seems to be part of the standard Stretch installation.  That file lists both keys (the new “20326” and the old “19036”). So it’s all set to go.  No need to panic…  (-:
> 
> Where did you get that information from? I found nothing about
> dns-root-data in dnsmasq package.
> 
> I'd just add a new trust-anchor to the configuration. Just copy and
> paste from https://github.com/imp/dnsmasq/blob/master/trust-anchors.conf
> 
> -- 
> 	O que eu temo não e a estrategia do inimigo, mas os nossos
> 	erros
> 		-- Pericles, filosofo grego
> 
> Eduardo M KALINOWSKI
> eduardo@xxxxxxxxxxxxxxxxx

Hi Eduardo,

I got it from “ps auww `prep dnsmasq`” then following up what I saw by looking in /etc/init.d/dnsmasq, which is called by systemd in “/lib/systemd/system/dnsmasq.service” (as is the case for lots of services that still rely on /etc/init.d for startup).

Enjoy!
Rick