Bug#877683: jessie version of dns-root-data lacks new ksk in root.ds

Control: fixed -1 2017072601~deb9u1 Hi, Sergio Gelato wrote on Wed, Oct 04, 2017 at 11:26:02 +0200: > Package: dns-root-data > Version: 2017072601~deb8u1 > Severity: serious > > The corresponding package in stretch-updates looks OK. Could it be that the > one in jessie-updates needs to be built

Bug#877683: [Pkg-dns-devel] Bug#877683: jessie version of dns-root-data lacks new ksk in root.ds

On Thu 2017-10-19 18:12:38 -0400, Daniel Kahn Gillmor wrote: > after a bit of investigation, it looks like we're also missing a few > other commits, which i'll try to cherry-pick and build later tonight. I've just pushed a series of cherry-picks to master-jessie at

Bug#877683: [Pkg-dns-devel] Bug#877683: jessie version of dns-root-data lacks new ksk in root.ds

On Thu 2017-10-19 23:23:08 +0200, Sergio Gelato wrote: > * Daniel Kahn Gillmor [2017-10-19 15:44:40 -0400]: >> However, i'm not convinced that dnssec-dsfromkey is at fault, because i >> think the versions of dnssec-dsfromkey in stretch and buster both have >> the same behavior. > > It turns out

Bug#877683: [Pkg-dns-devel] Bug#877683: jessie version of dns-root-data lacks new ksk in root.ds

* Daniel Kahn Gillmor [2017-10-19 15:44:40 -0400]: > However, i'm not convinced that dnssec-dsfromkey is at fault, because i > think the versions of dnssec-dsfromkey in stretch and buster both have > the same behavior. It turns out the following change from version 2017020200 of the package was

Bug#877683: [Pkg-dns-devel] Bug#877683: jessie version of dns-root-data lacks new ksk in root.ds

On Wed 2017-10-04 14:45:30 +0200, Sergio Gelato wrote: > * Sergio Gelato [2017-10-04 11:26:02 +0200]: >> The corresponding package in stretch-updates looks OK. Could it be that the >> one in jessie-updates needs to be built with a newer version of bind9utils? > > Indeed it seems that jessie's

Bug#877683: [Pkg-dns-devel] Bug#877683: jessie version of dns-root-data lacks new ksk in root.ds

Sergio Gelato wrote: > Package: dns-root-data > Version: 2017072601~deb8u1 > Severity: serious > > The version of this package that is currently in jessie-updates still only > lists the old key 19036 in /usr/share/dns/root.ds. Confirmed, I see the two keys in /usr/share/dns/root.key but not in

Bug#877683: jessie version of dns-root-data lacks new ksk in root.ds

* Sergio Gelato [2017-10-04 11:26:02 +0200]: > The corresponding package in stretch-updates looks OK. Could it be that the > one in jessie-updates needs to be built with a newer version of bind9utils? Indeed it seems that jessie's (including jessie-updates') dnssec-dsfromkey only processes the

Bug#877683: jessie version of dns-root-data lacks new ksk in root.ds

Package: dns-root-data Version: 2017072601~deb8u1 Severity: serious The version of this package that is currently in jessie-updates still only lists the old key 19036 in /usr/share/dns/root.ds. If I understood correctly, starting a week from now the root zone will only be signed with the new key