[Yeti DNS Discuss] Yeti KSK roll status

Daniel Stirnimann daniel.stirnimann at switch.ch
Thu May 4 12:11:51 UTC 2017


>> dig @::1 . soa +short
>> www.yeti-dns.org. tisf.yeti-dns.org. 2017050300 1800 900 604800 86400
> 
> From the dig result, the DNSKEY RRset got from DM-TISF, currently, the
> revoked KSK has not been used by DM-TISF.
> So your resolver did not get the revoked DNSKEY RRset.
> Please check the resolver at next serial number.

"A key" is revoked but it's key id 19572. Key id 19444 does not exist
anymore!

rndc managed-keys status
view: default
next scheduled event: Thu, 04 May 2017 22:31:06 GMT

    name: .
    keyid: 19572
	algorithm: RSASHA256
	flags: REVOKE SEP
	next refresh: Thu, 04 May 2017 22:31:06 GMT
	remove at: Sat, 03 Jun 2017 10:31:06 GMT
	trust revoked
    keyid: 59302
	algorithm: RSASHA256
	flags: SEP
	next refresh: Thu, 04 May 2017 22:31:06 GMT
	trusted since: Sun, 02 Apr 2017 21:20:02 GMT

Daniel
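
Added example, not part of the message above and not BIND's code: the DNSKEY key tag (RFC 4034 Appendix B) is a checksum over the RDATA including the flags field, so setting the RFC 5011 REVOKE bit (0x0080) makes the same key show up under a new key id, normally the old id plus 128, which is consistent with 19444 and 19572 here. The key material is constructed and padded to reproduce those two ids; it is not the Yeti KSK, and the helper names are hypothetical.

```python
"""DNSKEY key tag (RFC 4034 Appendix B) before and after RFC 5011 revocation."""
import struct

REVOKE = 0x0080  # RFC 5011 REVOKE flag bit
KSK_FLAGS = 257  # ZONE | SEP, the flags of an active KSK


def key_tag(flags: int, protocol: int, algorithm: int, pubkey: bytes) -> int:
    """Checksum over the DNSKEY RDATA; the flags field is part of the input."""
    rdata = struct.pack("!HBB", flags, protocol, algorithm) + pubkey
    ac = 0
    for i, byte in enumerate(rdata):
        ac += byte if i & 1 else byte << 8
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF


def pad_to_tag(pubkey: bytes, target: int) -> bytes:
    """Append two bytes so the constructed key gets the wanted active key tag."""
    for pad in range(0x10000):
        candidate = pubkey + pad.to_bytes(2, "big")
        if key_tag(KSK_FLAGS, 3, 8, candidate) == target:
            return candidate
    raise ValueError("no padding produces that tag")


# Constructed key material (not the Yeti KSK): RSA exponent header plus filler,
# padded so the active key tag equals the old id mentioned in the message.
SAMPLE_KEY = pad_to_tag(bytes.fromhex("03010001") + bytes(range(32)), 19444)


def tags_before_and_after_revoke(pubkey: bytes) -> tuple:
    """Key ids a validator would show for the same key, active and revoked."""
    active = key_tag(KSK_FLAGS, 3, 8, pubkey)            # protocol 3, RSASHA256
    revoked = key_tag(KSK_FLAGS | REVOKE, 3, 8, pubkey)  # same key, REVOKE set
    return active, revoked


if __name__ == "__main__":
    active, revoked = tags_before_and_after_revoke(SAMPLE_KEY)
    print(f"active keyid {active}, revoked keyid {revoked}")
```

When the checksum's 16-bit fold carries, the difference is 129 instead of 128, so a monitoring script matching old and new ids should accept both.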

