[Yeti DNS Discuss] Yeti KSK revoke status

Stephane Bortzmeyer bortzmeyer at nic.fr
Wed Aug 31 10:28:47 UTC 2016


On Wed, Aug 31, 2016 at 06:11:30PM +0800,
 dbgong <dbgong at biigroup.cn> wrote 
 a message of 82 lines which said:

> for unbound:
> you will find that new KSK(19444) is in VALID status, and the old
> revoked KSK(56082) is in REVOKED status.

Works for me (times are UTC+2):

; autotrust trust anchor file
;;id: . 1
;;last_queried: 1472617700 ;;Wed Aug 31 06:28:20 2016
;;last_success: 1472617700 ;;Wed Aug 31 06:28:20 2016
;;next_probe_time: 1472657669 ;;Wed Aug 31 17:34:29 2016
;;query_failed: 0
;;query_interval: 43200
;;retry_time: 8640
.	      3600	IN	DNSKEY	385 3 8
;AwEAAaP3gGQ4db0tAiDEky0dcUNGeI1aTDYP5NFxzhbdpD60ZhKLVV4KyxPmoSNUpq5Fv5M
0iBwK1Tyswsyq/9sMSoZ8zx8aT3ho1YnPsSqQeJfjTT1WsX6YZ5Kw6B2QkjRNa6OMGZ96Kn8AI/slqsw+z8hY49Sn3baeo9iJxHPzloNc2dQkW4
aLqzNEYxnuoJsthCfGrPSAXlUjY9m3YKIaEWR5WFYQk770fT+gGWLk/54Vp0sG+Lw75JZnwhDhixPFaToTDNqbHQmkEylq1XJLO15uZ/+RZNRfT
XZKO4fVR0tMEbMAITqRmyP8xLXY4RXbS4J32gnenQbzABX8sQmwO7s= ;{id = 56082
;(ksk), size = 2048b} ;;state=4 [ REVOKED ]
 ;;count=0 ;;lastchange=1472617700 ;;Wed Aug 31 06:28:20 2016
 .	   86400		   IN	 DNSKEY	257 3 8
 AwEAAbA0lBT1aDxwoNl7d/fXqFFBtL+VwBLqgOYHgAqrnvhRvHs+GrTWZZ5gZu/0NeX4YGX
 movT1nGpY/9oi30pDvbzPluQXOKSVP/xr1KyLPp8pxiVqGe973F55fX4iQOUMB2n2VXfIxSryTNYPz44Zltpa10WAVYzHpy3oxx0qZSeDsdPHMN
 B7Ym0hBMY92cifWyQWifHbcgbFGf2mpwF00vALl92qhnvIORVZC/ihNNd7DvQtMLdUvSoQ0woC/EhqexXQv0bLlPkG55d37JoaVbWCEnWLZ+CT+
 Eei5U4VCqH+xCEvOjT45ZQt0kfB3K4bwfh6D5EBleJ13z3pbUwBy0U= ;{id = 19444
 (ksk), size = 2048b} ;;state=2 [  VALID  ]
  ;;count=0 ;;lastchange=1472139347 ;;Thu Aug 25 17:35:47 2016
  
> for BIND 9:
> cd /path/to/managed-key-dir/
> cat $(ls -t *.mkeys|head -1) # find the latest managed keys

Hmmm, no, not for my old BIND 9.9.5 (times are UTC):

/var/cache/bind % ls -alt
total 16
drwxrwxr-x  2 root bind 4096 Aug 31 10:11 .
-rw-r--r--  1 bind bind 1718 Aug 31 10:11 managed-keys.bind
-rw-r--r--  1 bind bind  512 Aug 31 10:11 managed-keys.bind.jnl
drwxr-xr-x 19 root root 4096 Jul  2  2015 ..

And managed-keys.bind does not seem to indicate the status of the
keys.
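
Added example, not part of the original message and not code from Yeti or unbound: a small checker that reads an autotrust file like the one shown above and confirms the new KSK is VALID and the old one is out of use. It assumes each DNSKEY record and its ;;state comment sit on one line; the sample text is constructed, with placeholder key material, and the function names are hypothetical.

```python
import re

REVOKE_BIT = 0x0080  # RFC 5011 REVOKE flag in the DNSKEY flags field

# Constructed sample in the autotrust layout, one record per line (assumed);
# the base64 key material is replaced by a placeholder.
SAMPLE = """\
; autotrust trust anchor file
;;id: . 1
.\t3600\tIN\tDNSKEY\t385 3 8 PLACEHOLDER= ;{id = 56082 (ksk), size = 2048b} ;;state=4 [ REVOKED ] ;;count=0
.\t86400\tIN\tDNSKEY\t257 3 8 PLACEHOLDER= ;{id = 19444 (ksk), size = 2048b} ;;state=2 [  VALID  ] ;;count=0
"""

LINE_RE = re.compile(
    r"^\s*\S+\s+\d+\s+IN\s+DNSKEY\s+(?P<flags>\d+)\s+\d+\s+\d+\s"
    r".*?\{id = (?P<tag>\d+).*?;;state=\d+\s*\[\s*(?P<state>\w+)\s*\]"
)

def parse_anchors(text):
    """Return {key tag: {"flags", "state", "revoke_bit"}} for each DNSKEY line."""
    anchors = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # header comments, blank lines
        flags = int(m["flags"])
        anchors[int(m["tag"])] = {
            "flags": flags,
            "state": m["state"],
            "revoke_bit": bool(flags & REVOKE_BIT),
        }
    return anchors

def check_rollover(anchors, new_tag, old_tag):
    """List problems; an empty list means the revoke step looks complete."""
    problems = []
    new, old = anchors.get(new_tag), anchors.get(old_tag)
    if new is None or new["state"] != "VALID" or new["revoke_bit"]:
        problems.append(f"new KSK {new_tag} is not a VALID, unrevoked anchor")
    # An old key no longer listed is fine; one still listed must be out of use.
    if old is not None and old["state"] not in ("REVOKED", "REMOVED"):
        problems.append(f"old KSK {old_tag} still in state {old['state']}")
    return problems

if __name__ == "__main__":
    anchors = parse_anchors(SAMPLE)
    for tag, info in anchors.items():
        print(tag, info)
    print(check_rollover(anchors, new_tag=19444, old_tag=56082) or "rollover ok")
```

Flags 385 is 257 with the REVOKE bit (128) set, which is why the parser reports revoke_bit for key 56082 independently of the state label.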


