Re: where is the DNSSEC root key?

2012-10-09 Thread Peter Palfrader
On Fri, 05 Oct 2012, Peter Samuelson wrote: > > However since all DNS servers are generally meant to use port 53, I > > think it's unlikely to install more than one DNS server locally, so > > I'm not sure if doing this makes sense from a packaging perspective. > > [I can see how it does from an ad

Re: where is the DNSSEC root key?

2012-10-08 Thread James Cloos
When unbound is installed, the root key is at /var/lib/unbound/root.key. The init script updates it, if requsted, by way of unbound-anchor(8). Ideally there would be a separate package each dnssec-aware package could depend on which would maintain the root.key file. For comparison, gentoo has a

Re: where is the DNSSEC root key?

2012-10-05 Thread Peter Samuelson
[Chris Knadle] > However since all DNS servers are generally meant to use port 53, I > think it's unlikely to install more than one DNS server locally, so > I'm not sure if doing this makes sense from a packaging perspective. > [I can see how it does from an administration perspective.] It's actu

Re: where is the DNSSEC root key?

2012-10-05 Thread Chris Knadle
On Thursday, October 04, 2012 10:44:10 PM Philipp Kern wrote: > On Thu, Oct 04, 2012 at 03:10:01PM -0400, Chris Knadle wrote: > > Last I looked into this [which has admittedly been a while], Bind 9 was > > the > > only DNS server that had actually implemented DNSSEC, and the others I > > looked at

Re: where is the DNSSEC root key?

2012-10-04 Thread Ivan Shmakov
> Philipp Kern writes: > On Thu, Oct 04, 2012 at 03:10:01PM -0400, Chris Knadle wrote: >> Last I looked into this [which has admittedly been a while], Bind 9 >> was the only DNS server that had actually implemented DNSSEC, and >> the others I looked at (PowerDNS, djbdns, tinydns) had s

Re: where is the DNSSEC root key?

2012-10-04 Thread Philipp Kern
On Thu, Oct 04, 2012 at 03:10:01PM -0400, Chris Knadle wrote: > Last I looked into this [which has admittedly been a while], Bind 9 was the > only DNS server that had actually implemented DNSSEC, and the others I looked > at (PowerDNS, djbdns, tinydns) had stated (IIRC) that they were /not/ going

Re: where is the DNSSEC root key?

2012-10-04 Thread Bernd Zeimetz
On 10/04/2012 09:10 PM, Chris Knadle wrote: > Last I looked into this [which has admittedly been a while], Bind 9 was the > only DNS server that had actually implemented DNSSEC, and the others I looked > at (PowerDNS, djbdns, tinydns) had stated (IIRC) that they were /not/ going > to > be impl

Re: where is the DNSSEC root key?

2012-10-04 Thread Chris Knadle
On Thursday, October 04, 2012 06:42:08, Nikos Mavrogiannopoulos wrote: > Hello, > I've started working with DNSSEC and I noticed a quite important > issue. The DNSSEC libraries ask for the root key, but where this file > is located is system specific (meaning no fixed location). Where is > this ke