[Yeti DNS Discuss] First KSK rollover in Yeti Testbed
Shane Kerr
shane at biigroup.cn
Wed Jul 1 09:53:37 UTC 2015
All,
On Tue, 30 Jun 2015 18:14:54 +0800
Davey Song (宋林健) <ljsong at biigroup.cn> wrote:
> NOTE THAT: the Yeti KSK is going to rollover 2.5 hours later. The yeti KSK
> (RSASHA256 2048) rollover every three month.
I see that my Unbound resolver seems to have picked up the new KSK:
root at TL-WR1043N:/etc/unbound# cat yeti-key.key
; autotrust trust anchor file
;;id: . 1
;;last_queried: 1435720737 ;;Wed Jul 1 03:18:57 2015
;;last_success: 1435720737 ;;Wed Jul 1 03:18:57 2015
;;next_probe_time: 1435760883 ;;Wed Jul 1 14:28:03 2015
;;query_failed: 0
;;query_interval: 43200
;;retry_time: 8640
. 85667 IN DNSKEY 257 3 8 AwEAAchb6LrHCdz9Yo55u1id/b+X1FqVDF66xNrhbgnV+vtpiq7pDsT8KgzSijNuGs4GLGsMhVE/9H0wOtmVRUQqQ50PHZsiqg8gqB6i5zLortjpaCLZS7Oke1xP+6LzVRgT4c8NXlRBg3m/gDjzijBD0BMACjVGZNv0gReAg2OCr9dBrweE6DnM6twG7D2NyuGjpWzKeJfNd3Hek39V9NGHuABGkmYG16XCao37IWcP/s/57HuBom5U3SNfuzfVDppokatuL6dXp9ktuuVXsESc/rUERU/GPleuNfRuPHFr3URmrRud4DYbRWNVIsxqkSLrCldDjP1Hicf3S8NgVHJTSRE= ;{id = 24439 (ksk), size = 2048b} ;;state=2 [ VALID ] ;;count=0 ;;lastchange=1434446432 ;;Tue Jun 16 09:20:32 2015
. 86400 IN DNSKEY 257 3 8 AwEAAaP3gGQ4db0tAiDEky0dcUNGeI1aTDYP5NFxzhbdpD60ZhKLVV4KyxPmoSNUpq5Fv5M0iBwK1Tyswsyq/9sMSoZ8zx8aT3ho1YnPsSqQeJfjTT1WsX6YZ5Kw6B2QkjRNa6OMGZ96Kn8AI/slqsw+z8hY49Sn3baeo9iJxHPzloNc2dQkW4aLqzNEYxnuoJsthCfGrPSAXlUjY9m3YKIaEWR5WFYQk770fT+gGWLk/54Vp0sG+Lw75JZnwhDhixPFaToTDNqbHQmkEylq1XJLO15uZ/+RZNRfTXZKO4fVR0tMEbMAITqRmyP8xLXY4RXbS4J32gnenQbzABX8sQmwO7s= ;{id = 55954 (ksk), size = 2048b} ;;state=1 [ ADDPEND ] ;;count=2 ;;lastchange=1435720024 ;;Wed Jul 1 03:07:04 2015
Looks like this RFC 5011 stuff may actually work! :-D
Cheers,
--
Shane
More information about the discuss
mailing list