[Yeti DNS Discuss] Yeti KSK revoke status

dbgong dbgong at biigroup.cn
Wed Aug 31 10:11:30 UTC 2016

Hi Folks,

Now the old KSK(55954) have been revoked.
Please check your resolver status.

for unbound:
cat yeti.key
you will find that new KSK(19444) is in VALID status, and  the old revoked KSK(56082) is in REVOKED status.

for BIND 9:
cd /path/to/managed-key-dir/
cat $(ls -t *.mkeys|head -1) # find the latest managed keys

for root operator:
dig @root-server-addr . dnskey +dnssec +multi|grep -1 RRSIG
you will see KSK 19444 and 56082

But one  DM failed to do the revoke action, so you may see the old KSK(55954).
In the next serial 2016083100, all Yeti root servers will get the new KSK(19444) and  revoked KSK(56082).


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.yeti-dns.org/pipermail/discuss/attachments/20160831/a4fe50c0/attachment.html>

More information about the discuss mailing list