Re: where is the DNSSEC root key?

2012-10-09 Thread Peter Palfrader
On Fri, 05 Oct 2012, Peter Samuelson wrote: However since all DNS servers are generally meant to use port 53, I think it's unlikely to install more than one DNS server locally, so I'm not sure if doing this makes sense from a packaging perspective. [I can see how it does from an

Re: where is the DNSSEC root key?

2012-10-08 Thread James Cloos
When unbound is installed, the root key is at /var/lib/unbound/root.key. The init script updates it, if requsted, by way of unbound-anchor(8). Ideally there would be a separate package each dnssec-aware package could depend on which would maintain the root.key file. For comparison, gentoo has a

Re: where is the DNSSEC root key?

2012-10-05 Thread Chris Knadle
On Thursday, October 04, 2012 10:44:10 PM Philipp Kern wrote: On Thu, Oct 04, 2012 at 03:10:01PM -0400, Chris Knadle wrote: Last I looked into this [which has admittedly been a while], Bind 9 was the only DNS server that had actually implemented DNSSEC, and the others I looked at

Re: where is the DNSSEC root key?

2012-10-05 Thread Peter Samuelson
[Chris Knadle] However since all DNS servers are generally meant to use port 53, I think it's unlikely to install more than one DNS server locally, so I'm not sure if doing this makes sense from a packaging perspective. [I can see how it does from an administration perspective.] It's

Re: where is the DNSSEC root key?

2012-10-04 Thread Chris Knadle
On Thursday, October 04, 2012 06:42:08, Nikos Mavrogiannopoulos wrote: Hello, I've started working with DNSSEC and I noticed a quite important issue. The DNSSEC libraries ask for the root key, but where this file is located is system specific (meaning no fixed location). Where is this key

Re: where is the DNSSEC root key?

2012-10-04 Thread Bernd Zeimetz
On 10/04/2012 09:10 PM, Chris Knadle wrote: Last I looked into this [which has admittedly been a while], Bind 9 was the only DNS server that had actually implemented DNSSEC, and the others I looked at (PowerDNS, djbdns, tinydns) had stated (IIRC) that they were /not/ going to be

Re: where is the DNSSEC root key?

2012-10-04 Thread Philipp Kern
On Thu, Oct 04, 2012 at 03:10:01PM -0400, Chris Knadle wrote: Last I looked into this [which has admittedly been a while], Bind 9 was the only DNS server that had actually implemented DNSSEC, and the others I looked at (PowerDNS, djbdns, tinydns) had stated (IIRC) that they were /not/ going

Re: where is the DNSSEC root key?

2012-10-04 Thread Ivan Shmakov
Philipp Kern pk...@debian.org writes: On Thu, Oct 04, 2012 at 03:10:01PM -0400, Chris Knadle wrote: Last I looked into this [which has admittedly been a while], Bind 9 was the only DNS server that had actually implemented DNSSEC, and the others I looked at (PowerDNS, djbdns, tinydns) had