[Yeti DNS Discuss] Yeti KSK rolled at 2017041100

Davey Song(宋林健) ljsong at biigroup.cn
Wed Apr 12 02:43:13 UTC 2017


Hi Folks, 

For your information, the new Yeti KSK (59032) is now signing the keys. If you are running a Yeti resolver, please check the state of the KSK in the resolver. There are methods to verify that the KSK is workable for your resolver.

* For unbound:
cat yeti.key
You will find that the new KSK (59302) is in VALID status.

* For BIND 9:
cd /path/to/managed-key-dir/
cat $(ls -t *.mkeys|head -1) # find the latest managed keys
or cat managed-keys.bind


* For Knot (provided by Stephane Bortzmeyer):

cat /etc/kresd/yeti-root.keys

root@turris:~# socat - UNIX-CONNECT:/tmp/kresd/tty/$(pidof kresd)
> trust_anchors.keyset()
[string "return table_print(trust_anchors.keyset())"]:1: attempt to call field 'keyset' (a table value)
> trust_anchors.keyset
[1] => {
    [owner] => \0
    [key_tag] => 19444
    [state] => Valid
    [type] => 48
    [ttl] => 3600
    [rdata] => \1\1\3\8\3\1\0\1\1764\148\20\245h<p\160\217{w\247\215\168QA\180\191\149\192\18\234\128\230\7\128\10\171\158\248Q\188{>\26\180\214e\158`f\239...
    [class] => 1
}
[2] => {
    [owner] => \0
    [key_tag] => 59302
    [rdata] => \1\1\3\8\3\1\0\1\214Y\168\190\185L\15\228\30B\234\215\227\141\229\228\24\155\211\212\6\5yQ\6\207q\11Q\1v\218wYz\155\164t\136\146 \227\162...
    [state] => AddPend
    [type] => 48
    [ttl] => 86390
    [timer] => 1491933912
    [class] => 1
}

Davey
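
Added example, not part of the original post: a shell check over the trust_anchors.keyset output format shown in the Knot session, reporting each trust anchor's state and failing unless a given key tag has reached Valid. The function names are hypothetical, and the sample is the post's output with the truncated [rdata] lines dropped.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Sample input: the keyset output from the post, [rdata] lines omitted
# because they are truncated there and not needed for a state check.
sample_keyset() {
cat <<'EOF'
[1] => {
    [owner] => \0
    [key_tag] => 19444
    [state] => Valid
    [type] => 48
    [ttl] => 3600
    [class] => 1
}
[2] => {
    [owner] => \0
    [key_tag] => 59302
    [state] => AddPend
    [type] => 48
    [ttl] => 86390
    [timer] => 1491933912
    [class] => 1
}
EOF
}

# Read keyset output on stdin; print "key_tag state timer" per trust anchor.
# timer is "-" when the entry has no [timer] field.
keyset_summary() {
    awk '
        $1 == "[key_tag]" { tag = $3 }
        $1 == "[state]"   { state = $3 }
        $1 == "[timer]"   { timer = $3 }
        $1 == "}" {
            print tag, state, (timer == "" ? "-" : timer)
            tag = state = timer = ""
        }
    '
}

# Read keyset output on stdin; exit 0 only if key tag $1 is present
# and its state is Valid (a missing or pending key both fail).
ksk_is_valid() {
    keyset_summary | awk -v want="$1" '
        $1 == want { found = 1; ok = ($2 == "Valid") }
        END { exit !(found && ok) }
    '
}
```

On a live resolver, the text captured from the socat session can be piped into ksk_is_valid 59302 in place of sample_keyset.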

 




