On 11/10/18 00:28, Rene 'Renne' Bartsch, B.Sc. Informatics wrote: > Hi, > > the old root-KSK will be deleted today at 16:00 UTC and the TTLs will > run out not later than 48 hours. > > Does Dnsmasq support IETF RFC 5011 or are there any plans to implement > IETF RFC 5011? >
No, and probably not. My take on this is that anything running dnsmasq has net access, by definition, and really should have a method of doing automatic updates for security fixes, etc. As such it has a method of authentication put in place by the software providers, and that is the best way to update the root key. The RFC5011 method is surprisingly limited. Any software image with only has the original key "baked in" will not update to the new key using RFC5011 now, since 5011 relies on a period when the new key is published and the old still trusted during which the host is active. Cheers, Simon. > Regards, > > Renne > > _______________________________________________ > Dnsmasq-discuss mailing list > Dnsmasq-discuss@lists.thekelleys.org.uk > http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss > _______________________________________________ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
