[Yeti DNS Discuss] Yeti KSK roll status

dbgong dbgong at biigroup.cn
Wed May 3 09:14:01 UTC 2017


Hi Folks, 
 
The old Yeti  KSK(19444) have been revoked, and it will take effect at next serial number(2017050300)
 If you are running a yeti resolver, please check the state of KSK in the resolver.
 
* For unbound:
cat yeti.key

 
* For BIND 9:
cd /path/to/managed-key-dir/
cat $(ls -t *.mkeys|head -1) # find the latest managed keys
or  cat managed-keys.bind
 
 
* For Knot (provide by Stephane Bortzmeyer): 
 
cat /etc/kresd/yeti-root.keys
 
# socat - UNIX-CONNECT:/tmp/kresd/tty/$(pidof kresd)
> trust_anchors.keyset()
[string "return table_print(trust_anchors.keyset())"]:1: attempt to call field 'keyset' (a table value)
> trust_anchors.keyset

Regards,
--
Kevin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.yeti-dns.org/pipermail/discuss/attachments/20170503/7e8fbb78/attachment.html>


More information about the discuss mailing list