On Sun, Oct 7, 2018 at 2:13 PM Rick Thomas <[email protected]> wrote: > > What do I need to do to be ready for the DNSSEC Root KSK (key signing key) > rollover on October 11, 2018? >
Well, dnsmasq already commited a patch for the new trust anchor : http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=05da782f8f45933915af0ef3cc1ba35e31d20c59 > As mentioned in CircleID article at > > http://www.circleid.com/posts/20181005_how_to_prepare_for_dnssec_root_ksk_rollover_on_october_11_2018/ > and the ICANN page at > • https://www.icann.org/kskroll > > I’m running a more or less stock-out-of-the-box Debian Stretch with the > latest (for Stretch) dnsmasq version 2.76-5+deb9u1. > > > cat /usr/share/dnsmasq-base/trust-anchors.conf > > # The root DNSSEC trust anchor, valid as at 30/01/2014 > > > > # Note that this is a DS record (ie a hash of the root Zone Signing Key) > > # If was downloaded from https://data.iana.org/root-anchors/root-anchors.xml > > > > trust-anchor=.,19036,8,2,49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5 > > Which, IIUC, says it’s using root trust anchor ID 19036 extracted on Jan 30, > 2014, not ID 20326 extracted any time in the last 12 months. > > Is there an update I have missed applying? I see that Debian Sid is on > version 2.79-1. > > Thanks! > Rick > _______________________________________________ > Dnsmasq-discuss mailing list > [email protected] > http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss _______________________________________________ Dnsmasq-discuss mailing list [email protected] http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
