[ksk-rollover] new root trust anchor confirmation
Tony Finch
dot at dotat.at
Thu Aug 10 21:01:26 UTC 2017
Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at
> On 10 Aug 2017, at 21:03, Wessels, Duane via ksk-rollover <ksk-rollover at icann.org> wrote:
>> On Aug 10, 2017, at 9:57 AM, Daisuke HIGASHI <daisuke.higashi at gmail.com> wrote:
>>
>> Is there any method to confirm that my validator has accepted new
>> root KSK trust anchor and can actually validates with new TA before 11
>> Oct?
>
> In general, no.
>
> If you happen to run a recent unbound you could query your validator for
> trustanchor.unbound CH TXT
And for recent BIND, use `rndc managed-keys status` or for less recent BIND use `rndc secroots` (which dumps to named.secroots in the server's working directory instead of stdout).
The new key should start being trusted about now, since it is 30 days after publication :-)
Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at
More information about the ksk-rollover
mailing list