Sur Debian buster/sid, bind 9.11.4
cat /etc/bind/bind.keys
[...]
managed-keys {
# This key (19036) is to be phased out starting in 2017. It will
# remain in the root zone for some time after its successor key
# has been added. It will remain this file until it is removed from
# the root zone.
. initial-key 257 3 8
"AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF
FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX
bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD
X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz
W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS
Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq
QxA+Uk1ihz0=";
# This key (20326) was published in the root zone in 2017.
# Servers which were already using the old key (19036) should
# roll seamlessly to this new one via RFC 5011 rollover. Servers
# being set up for the first time can use the contents of this
# file as initializing keys; thereafter, the keys in the
# managed key database will be trusted and maintained
# automatically.
. initial-key 257 3 8
"AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3
+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kv
ArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF
0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+e
oZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfd
RUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwN
R1AkUTV74bU=";
};
Joël
-----Message d'origine-----
De : [email protected] [mailto:[email protected]] De la part de
Stephane Bortzmeyer
Envoyé : mardi 28 août 2018 16:14
À : Guillaume Tournat
Cc : Stephane Bortzmeyer; [email protected]
Objet : [FRnOG] Re: [TECH] [DNS] [Uma Thurman] Rappel : le 11 octobre, on
change de clé DNSSEC
On Tue, Aug 28, 2018 at 04:08:36PM +0200,
Guillaume Tournat <[email protected]> wrote
a message of 80 lines which said:
> Pour bind 9.8 et 9.9 (sur Debian), il n’y a pas d’options « rndc managed-keys
> »
>
> Il y a une version minimale de bind a avoir ?
Je ne me souviens plus de laquelle. Mais je cite l'ISC : « If you are
running an older version of BIND, and don’t have access to the RNDC
managed-keys query, you may have to check the .mkeys files in each
view, as below, to see if the new keys were added. From the ARM:
"If named is not configured to use views, then managed keys for the
server will be tracked in a single file called
managed-keys.bind. Otherwise, managed keys will be tracked in separate
files, one file per view; each file name will be the view name (or, if
it contains characters that are incompatible with use as a file name,
the SHA256 hash of the view name), followed by the extension
.mkeys." »
---------------------------
Liste de diffusion du FRnOG
http://www.frnog.org/
---------------------------
Liste de diffusion du FRnOG
http://www.frnog.org/
