[ksk-rollover] new root trust anchor confirmation

Wessels, Duane dwessels at verisign.com
Wed Aug 16 03:24:47 UTC 2017


Sameka,

That's the DNSSEC Debugger's trust anchor, not yours. 

Unfortunately the Debugger only tests authoritative name server configurations.  It cannot test anything about your validating name server.

Per some previous emails on this list, you can run either 'rndc secroots' or 'rndc managed-keys' depending on your particular version of BIND 9.

DW




> On Aug 15, 2017, at 8:14 PM, Sameka McNeil - NOAA Affiliate <sameka.s.mcneil at noaa.gov> wrote:
> 
> so the dnssec-debugger.verisignlabs.com showed my DS=20326/SHA-256 is now in the chain-of-trust
> 
> 
> 
> On Tue, Aug 15, 2017 at 7:36 PM, Sameka McNeil - NOAA Affiliate <sameka.s.mcneil at noaa.gov> wrote:
> Could someone give me a hand?
> 
> I added the new root KSK to my BIND 9 configuration using the trusted-keys configuration.
> 
> How do I know if it's trusted and validated?
> 
> Thank you for any assistance 
> 
> On Tue, Aug 15, 2017 at 4:47 PM, Evan Hunt <each at isc.org> wrote:
> On Tue, Aug 15, 2017 at 07:54:55PM +0000, Paul Hoffman wrote:
> > On Aug 10, 2017, at 2:03 PM, Evan Hunt <each at isc.org> wrote:
> > > If you run a recent BIND, "rndc managed-keys status"
> >
> > That works in BIND 9.11.x; is there any equivalent for BIND 9.10.x, which
> > is still much more prevalent in distros?
> 
> "rndc secroots" will dump a list of trusted keys, and the managed-keys.bind
> file is readable and has comments that indicate whether trust is pending or
> active for each key.
> 
> --
> Evan Hunt -- each at isc.org
> Internet Systems Consortium, Inc.
> _______________________________________________
> ksk-rollover mailing list
> ksk-rollover at icann.org
> https://mm.icann.org/mailman/listinfo/ksk-rollover
> 
> -- 
> Sameka S. McNeil
> Phone: 301.628.5644
> Cell: 202.360.9428
> 
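A complementary offline check, as an added example that is not part of the thread or of BIND: it parses a trusted-keys or managed-keys statement and computes each key's RFC 4034 key tag and SHA-256 DS digest, so the configured anchor can be compared with the published 20326/SHA-256 values. The sample configuration and the function names are constructed for illustration, and the key material is a 4-byte placeholder rather than the root KSK. This checks only what is in the configuration file; what named actually loaded is still what 'rndc secroots' or 'rndc managed-keys' reports.

```python
import base64
import hashlib
import re
import struct

# Constructed sample: placeholder key bytes 01 02 03 04, NOT the real root KSK.
SAMPLE_CONF = '''
trusted-keys {
    . 257 3 8 "AQID
               BA==";
};
'''

# owner [initial-key] flags protocol algorithm "base64 key";
ENTRY = re.compile(
    r'(\S+)\s+(?:initial-key\s+)?(\d+)\s+(\d+)\s+(\d+)\s+"([^"]+)"\s*;')

def name_to_wire(name):
    """Canonical (lower-case) DNS wire form of an owner name; "." is the root."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def key_tag(rdata):
    """RFC 4034 Appendix B key tag (valid for every algorithm except 1, RSA/MD5)."""
    acc = 0
    for i, byte in enumerate(rdata):
        acc += byte << 8 if i % 2 == 0 else byte
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def anchors(conf_text):
    """Return owner, key tag and SHA-256 DS digest for every configured key."""
    found = []
    for owner, flags, proto, alg, b64 in ENTRY.findall(conf_text):
        pubkey = base64.b64decode("".join(b64.split()))  # drop embedded whitespace
        rdata = struct.pack("!HBB", int(flags), int(proto), int(alg)) + pubkey
        digest = hashlib.sha256(name_to_wire(owner) + rdata).hexdigest().upper()
        found.append({"owner": owner, "tag": key_tag(rdata), "ds_sha256": digest})
    return found

def has_anchor(conf_text, owner, tag):
    """True if a key with this owner and key tag is present in the statement."""
    return any(a["owner"] == owner and a["tag"] == tag for a in anchors(conf_text))

if __name__ == "__main__":
    for a in anchors(SAMPLE_CONF):
        print(a["owner"], a["tag"], a["ds_sha256"])
    print("root anchor 20326 configured:", has_anchor(SAMPLE_CONF, ".", 20326))
```

Run against the real configuration text, has_anchor(text, ".", 20326) should be true once the new root KSK has been added, and the printed digest should match the DS digest ICANN publishes for it.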