[ksk-rollover] new root trust anchor confirmation
Evan Hunt
each at isc.org
Fri Aug 11 17:11:31 UTC 2017
On Fri, Aug 11, 2017 at 11:29:22AM +0200, Phil Regnauld wrote:
> 11-Aug-2017 11:24:26.711
>
> Start view _default
>
> ./RSASHA256/19036 ; managed
This means that it isn't yet a trust anchor...
> ... but managed-keys *does* contain both keys (20326 and 19036).
...but will be at some point, which you can determine by looking at the
KEYDATA line in managed-keys.bind. The second date field is the when the
add hold-down period will end, in UTC. (My server has 20170811222637,
about five hours from now.)
More recent versions of BIND added comments to the file that say "trust
pending" with a more human-readable date, and the 'rndc managed-keys'
command so you can query the server directly.
--
Evan Hunt -- each at isc.org
Internet Systems Consortium, Inc.
More information about the ksk-rollover
mailing list