[Yeti DNS Discuss] Yeti KSK rolled at 2017041100

Stephane Bortzmeyer bortzmeyer at nic.fr
Thu Apr 13 10:05:32 UTC 2017


On Wed, Apr 12, 2017 at 10:43:13AM +0800,
 Davey Song <ljsong at biigroup.cn> wrote 
 a message of 52 lines which said:

> For your information, the Yeti new KSK(59032) now is signing the
> keys. If you are running a yeti resolver, please check the state of
> KSK in the resolver.

It worked on my Unbounds:

.	86400	IN	DNSKEY	257 3 8 AwEAAdZZqL65TA/kHkLq1+ON5eQYm9PUBgV5UQbPcQtRAXbad1l6m6R0iJIg46IiyFyUkEh+H7Z9/oPNnkM9zub2TjFiNVZUSnpyWtPqVD5nHrhUOdS3yW/AXpZuNJ3zX9XDXUpiEnfTPOMrUiZppP1fqx/jnAC9YDLs4K26ocoDyQp+umu+eOrP/TOacRag+9r9NiQzsVuXHQnCwpPY4NwlA7QRaOOjBiI9tNEDD2khVE7Yy5c/sZYirlTOTEBbXkd9l9WVqRgEO+ikb8GMg7hgOddvqj7ItBZvBUACQc3c0OqaLnEZx6CwIQpjxpPPYdyiEdKSwHGH3V3TfS+AEQlW8uk= ;{id = 59302 (ksk), size = 2048b} ;;state=2 [  VALID  ] ;;count=0 ;;lastchange=1491092302 ;;Sun Apr  2 02:18:22 2017
.	86400	IN	DNSKEY	257 3 8 AwEAAbA0lBT1aDxwoNl7d/fXqFFBtL+VwBLqgOYHgAqrnvhRvHs+GrTWZZ5gZu/0NeX4YGXmovT1nGpY/9oi30pDvbzPluQXOKSVP/xr1KyLPp8pxiVqGe973F55fX4iQOUMB2n2VXfIxSryTNYPz44Zltpa10WAVYzHpy3oxx0qZSeDsdPHMNB7Ym0hBMY92cifWyQWifHbcgbFGf2mpwF00vALl92qhnvIORVZC/ihNNd7DvQtMLdUvSoQ0woC/EhqexXQv0bLlPkG55d37JoaVbWCEnWLZ+CT+Eei5U4VCqH+xCEvOjT45ZQt0kfB3K4bwfh6D5EBleJ13z3pbUwBy0U= ;{id = 19444 (ksk), size = 2048b} ;;state=2 [  VALID  ] ;;count=0 ;;lastchange=1472139347 ;;Thu Aug 25 17:35:47 2016

But not on the Knot resolver (kresd) on my Turris Omnia.

root at turris:/etc/config# cat /etc/kresd/yeti-root.keys
. 3600 IN TYPE48 \# 264 0101030803010001B0349414F5683C70A0D97B77F7D7A85141B4BF95C012EA80E607800AAB9EF851BC7B3E1AB4D6659E6066EFF435E5F86065E6A2F4F59C6A58FFDA22DF4A43BDBCCF96E41738A4953FFC6BD4AC8B3E9F29C6256A19EF7BDC5E797D7E2240E50C0769F65577C8C52AF24CD60FCF8E1996DA5AD74580558CC7A72DE8C71D2A652783B1D3C730D07B626D2104C63DD9C89F5B241689F1DB7206C519FDA6A70174D2F00B97DDAA867BC83915590BF8A134D77B0EF42D30B754BD2A10D30A02FC486A7B15D0BF46CB94F906E79777EC9A1A55B58212758B67E093F847A2E54E150AA1FEC4212F3A34F8E5942DD247C1DCAE1BC1F87A0F910195E275DF3DE96D4C01CB45 ; Valid

I had to update it by hand. Don't know what happened, I'll search.


More information about the discuss mailing list