[Yeti DNS Discuss] Yeti KSK revoke status

dbgong dbgong at biigroup.cn
Thu Sep 1 03:54:28 UTC 2016


Thank you Daniel.

Our resolver have got the revoked KSK(56082)

BIND 9.10.4: cat latest.mkeys
 revoked KSK; alg = RSASHA256; key id = 56082 
; next refresh: Thu, 01 Sep 2016 05:01:06 GMT 
; trusted since: Tue, 29 Sep 2015 07:49:02 GMT 
; removal pending: Fri, 30 Sep 2016 05:01:05 GMT 

) ; KSK; alg = RSASHA256; key id = 19444 
; next refresh: Thu, 01 Sep 2016 05:01:06 GMT 
; trusted since: Tue, 09 Aug 2016 18:41:03 GMT 



On 2016-08-31  19:30 
  Daniel Stirnimann  <daniel.stirnimann at switch.ch> wrote:
 
Thank you Kevin
 
> for BIND 9:
> cd /path/to/managed-key-dir/
> cat $(ls -t *.mkeys|head -1) # find the latest managed keys
 
I must admit, I really like the new rndc managed-keys command in the
upcoming BIND 9.11:
 
rndc managed-keys status
view: default
next scheduled event: Wed, 31 Aug 2016 22:56:44 GMT
 
    name: .
    keyid: 56082
algorithm: RSASHA256
flags: REVOKE SEP
next refresh: Wed, 31 Aug 2016 22:56:44 GMT
remove at: Thu, 29 Sep 2016 15:04:45 GMT
trust revoked
    keyid: 19444
algorithm: RSASHA256
flags: SEP
next refresh: Wed, 31 Aug 2016 22:56:44 GMT
trusted since: Wed, 10 Aug 2016 15:41:29 GMT
    keyid: 55954
algorithm: RSASHA256
flags: SEP
next refresh: Wed, 31 Aug 2016 22:56:44 GMT
trust pending: Fri, 30 Sep 2016 06:11:53 GMT
 
Daniel
 

---
Kevin

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.yeti-dns.org/pipermail/discuss/attachments/20160901/1e09e559/attachment.html>


More information about the discuss mailing list