[ksk-rollover] Automated Updates (aka RFC 5011) add-hold for the new root zone KSK expires soon
Ólafur Guðmundsson
olafur at cloudflare.com
Fri Aug 11 16:16:54 UTC 2017
I checked and all the Unbound servers my employer operates has accepted the
new KSK as trusted
My personal ones as well
Olafur
On Fri, Aug 11, 2017 at 8:00 AM, Edward Lewis <edward.lewis at icann.org>
wrote:
> My servers picked it up - a BIND 9.9.5-3ubuntu0.13-Ubuntu and an Unbound
> 1.5.8.
>
> I couldn't check on my Aug 10 (an eye exam related issue), but when I woke
> up Aug 11 they were caught up.
>
> On 8/10/17, 22:20, "Richard Lamb" <richard.lamb at icann.org> wrote:
>
> Samples before and after today.
>
> *** 10 Aug 2017 1815 UTC APPEND ***
>
> /usr/local/etc/unbound$ cat root.key
> ; autotrust trust anchor file
> ;;id: . 1
> ;;last_queried: 1502363785 ;;Thu Aug 10 04:16:25 2017
> ;;last_success: 1502363785 ;;Thu Aug 10 04:16:25 2017
> ;;next_probe_time: 1502406039 ;;Thu Aug 10 16:00:39 2017
> ;;query_failed: 0
> ;;query_interval: 43200
> ;;retry_time: 8640
> . 172800 IN DNSKEY 257 3 8 AwEAAaz/
> tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/
> 4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnI
> DdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF0jLHwVN8efS3rCj/
> EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsI
> XxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU=
> ;{id = 20326 (ksk), size = 2048b} ;;state=1 [ ADDPEND ] ;;count=65
> ;;lastchange=1499788113 ;;Tue Jul 11 08:48:33 2017
> . 172800 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+
> 9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/
> RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/
> Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G
> 3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+
> ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= ;{id =
> 19036 (ksk), size = 2048b} ;;state=2 [ VALID ] ;;count=0
> ;;lastchange=1480379125 ;;Mon Nov 28 16:25:25 2016
>
> *** 11 Aug 2017 0112 UTC ***
>
> /usr/local/etc/unbound$ cat root.key
> ; autotrust trust anchor file
> ;;id: . 1
> ;;last_queried: 1502406039 ;;Thu Aug 10 16:00:39 2017
> ;;last_success: 1502406039 ;;Thu Aug 10 16:00:39 2017
> ;;next_probe_time: 1502447443 ;;Fri Aug 11 03:30:43 2017
> ;;query_failed: 0
> ;;query_interval: 43200
> ;;retry_time: 8640
> . 172800 IN DNSKEY 257 3 8 AwEAAaz/
> tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/
> 4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnI
> DdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF0jLHwVN8efS3rCj/
> EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsI
> XxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU=
> ;{id = 20326 (ksk), size = 2048b} ;;state=2 [ VALID ] ;;count=0
> ;;lastchange=1502406039 ;;Thu Aug 10 16:00:39 2017
> . 172800 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+
> 9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/
> RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/
> Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G
> 3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+
> ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= ;{id =
> 19036 (ksk), size = 2048b} ;;state=2 [ VALID ] ;;count=0
> ;;lastchange=1480379125 ;;Mon Nov 28 16:25:25 2016
>
>
> > -----Original Message-----
> > From: ksk-rollover-bounces at icann.org [mailto:ksk-rollover-
> > bounces at icann.org] On Behalf Of Jakob Schlyter
> > Sent: Thursday, August 10, 2017 11:03 AM
> > To: Edward Lewis <edward.lewis at icann.org>
> > Cc: ksk-rollover at icann.org
> > Subject: Re: [ksk-rollover] Automated Updates (aka RFC 5011)
> add-hold for
> > the new root zone KSK expires soon
> >
> >
> >
> > > On 9 Aug 2017, at 19:31, Edward Lewis <edward.lewis at icann.org>
> wrote:
> > >
> > > Looking at my records, the new KSK appeared between 2017-07-
> > 11 at 1305UTC and 2017-07-11 at 1405UTC. (I run some probes at 5 minutes
> > after the hour.)
> > >
> > > "30 Days later" means 10 August (not 11 August!). We are less
> than 24
> > hours away from that as I write this message (about 20 hours now).
> >
> > ; autotrust trust anchor file
> > ;;id: . 1
> > ;;last_queried: 1502388111 ;;Thu Aug 10 20:01:51 2017
> > ;;last_success: 1502388111 ;;Thu Aug 10 20:01:51 2017
> > ;;next_probe_time: 1502428592 ;;Fri Aug 11 07:16:32 2017
> > ;;query_failed: 0
> > ;;query_interval: 43200
> > ;;retry_time: 8640
> > . 172800 IN DNSKEY 257 3 8
> > AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUT
> > f6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEh
> > g37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR
> > 0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6D
> > oBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrA
> > mRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= ;{id = 19036 (ksk), size =
> 2048b}
> > ;;state=2 [ VALID ] ;;count=0 ;;lastchange=1418717042 ;;Tue Dec 16
> 09:04:02
> > 2014
> > . 172800 IN DNSKEY 257 3 8
> > AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4Rg
> > WOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQ
> > uCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF0jLHwVN8efS3rCj/
> > EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+SrDK6nWeL3c6H5Apxz
> > 7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnXGXws
> > 9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ;{id = 20326 (ksk), size =
> > 2048b} ;;state=2 [ VALID ] ;;count=0 ;;lastchange=1502388111 ;;Thu
> Aug 10
> > 20:01:51 2017
> >
> > _______________________________________________
> > ksk-rollover mailing list
> > ksk-rollover at icann.org
> > https://mm.icann.org/mailman/listinfo/ksk-rollover
>
>
> _______________________________________________
> ksk-rollover mailing list
> ksk-rollover at icann.org
> https://mm.icann.org/mailman/listinfo/ksk-rollover
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/ksk-rollover/attachments/20170811/030a0046/attachment-0001.html>
More information about the ksk-rollover
mailing list