[ksk-rollover] new root trust anchor confirmation

Sameka McNeil - NOAA Affiliate sameka.s.mcneil at noaa.gov
Wed Aug 16 03:14:59 UTC 2017


so the

dnssec-debugger.verisignlabs.com showed my DS=20326/SHA-256 is now in the
chain-of-trust



On Tue, Aug 15, 2017 at 7:36 PM, Sameka McNeil - NOAA Affiliate <
sameka.s.mcneil at noaa.gov> wrote:

> Could someone give me a hand.
>
> I added the new root KSK to my bind 9 configuration using the trusted-keys
> configuration.
>
> How to I know if its trusted and validated?
>
> Thank you for any assistance
>
> On Tue, Aug 15, 2017 at 4:47 PM, Evan Hunt <each at isc.org> wrote:
>
>> On Tue, Aug 15, 2017 at 07:54:55PM +0000, Paul Hoffman wrote:
>> > On Aug 10, 2017, at 2:03 PM, Evan Hunt <each at isc.org> wrote:
>> > > If you run a recent BIND, "rndc managed-keys status"
>> >
>> > That works in BIND 9.11.x; is there any equivalent for BIND 9.10.x,
>> which
>> > is still much more prevalent in distros?
>>
>> "rndc secroots" will dump a list of trusted keys, and the
>> managed-keys.bind
>> file is readable and has comments that indicate whether trust is pending
>> or
>> active for each key.
>>
>> --
>> Evan Hunt -- each at isc.org
>> Internet Systems Consortium, Inc.
>> _______________________________________________
>> ksk-rollover mailing list
>> ksk-rollover at icann.org
>> https://mm.icann.org/mailman/listinfo/ksk-rollover
>>
>>
>
>
> --
> --
> Sameka S. McNeil
>
>
>
>
>
>
>


-- 
-- 
Sameka S. McNeil

Phone: 301.628.5644

Cell: 202.360.9428
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/ksk-rollover/attachments/20170815/05fd0f35/attachment.html>


More information about the ksk-rollover mailing list