On Tue, Apr 21, 2015 at 9:55 AM, Edward Lewis <edward.le...@icann.org> wrote: > On 4/21/15, 9:45, "Tony Finch" <d...@dotat.at> wrote: >>rndc secroots >> >>You can also look in the .mkeys file. > > I tried secroots with my set up, I got nothing despite the mkeys file. > (Kind of asking - does that work?): > > (I had my rndc port bumped out of sudo-land, so it's overridden:) > > $ rndc -p 1953 -c rndc.conf secroots
>From the ARM: secroots-file: The pathname of the file the server dumps security roots to when instructed to do so with rndc secroots. If not specified, the default is named.secroots. root@eric:/var/named# rndc secroots root@eric:/var/named# more named.secroots 21-Apr-2015 10:07:02.278 Start view external ./RSASHA256/19036 ; managed dlv.isc.org/RSASHA1/19297 ; trusted W > > $ > > $ cat > 21ce078705d04ca6324c1d0313fc08ea99f3cef6389a6744d40bd2d9d0cd7816.mkeys > $ORIGIN . > $TTL 0 ; 0 seconds > @ IN SOA . . ( > 879 ; serial > 0 ; refresh (0 seconds) > 0 ; retry (0 seconds) > 0 ; expire (0 seconds) > 0 ; minimum (0 seconds) > ) > KEYDATA 20150421135415 20150421125042 19700101000000 > 257 3 8 ( > AwEAAb7pfymUZ3LzR7ldtJ5fvgxxu/Y4I7QtBmlqlhJS > Je6Ugw+/72eYAnLYh7xHaNkAzjP6oi1rxOL0s9wj7TVU > +r9bK+KuzOvZfKzNS+ywTdZ0QXSJSJNTLJfgaMMvnyp/ > K2LajQ4wNV1UblSqPPs9FdCXqVbxKF7i4j6h6QO61xkf > s2LSkiPu+TCK05fizdfuDIit8KlQr6sgV1jiBrXm4kmY > 5o9txePRz8oy/C4+6IDVtA1zSlDTvsbwYk1KjHa9CXcA > 7BkuYaBlxB4zgBF/koaX55IdhbKKkwsN8qJhPanu72zq > 2933IF96RtikjvX/ugC7VBvNlGgy5dQrvKu/G7M= > ) ; KSK; alg = RSASHA256; key id = 26512 > ; next refresh: Tue, 21 Apr 2015 13:54:15 GMT > ; trusted since: Tue, 21 Apr 2015 12:50:42 GMT > KEYDATA 20150421135415 20150421135145 19700101000000 > 257 3 8 ( > AwEAAeHrxs5uJwldPTjAplgBzGRptPYrFgNFoPZDyrEa > CAuNckUuHkQIMr5Pkv/XONS2CLcLmq5HtvLPzevkAjWv > wIMhYn0nE4fTTl8diTnOFKLEcPBs/jAqKU5n/ZV5ZXiP > NCUgg3qvXetntojb+JesE9fdYgUlWrgIUjx9y17Fhb+J > lP56kqhxER2L0AUEFTH+x/Jxkzea6E8FFkYGUJ+tzEt0 > S+ESRaDTNmdKgqe9GAi6ID3GRYgsn9cgNIOmBYHrzhQv > R5XaTK37nUlVMKjyQxu2Lq+lhIu9348aSt+g42QJxJ1s > VTRPVPEVQt1s71SHuWTd/OBCz5f8fZqQrG0mA9E= > ) ; KSK; alg = RSASHA256; key id = 8869 > ; next refresh: Tue, 21 Apr 2015 13:54:15 GMT > ; trusted since: Tue, 21 Apr 2015 13:51:45 GMT > > _______________________________________________ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- I don't think the execution is relevant when it was obviously a bad idea in the first place. This is like putting rabid weasels in your pants, and later expressing regret at having chosen those particular rabid weasels and that pair of pants. ---maf _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users