Further to my post on ICANN's automated KSK testlab, ICANN generated a new key on the 19th, and added it to the test zone that we're using, and we can see it below: Key 19741 is a new KSK in the zone. If you look in managed-keys.bind (I'm running Debian, and so that's in /var/cache/bind/) you'll … Continue reading A New Key…
Tag: DNSSEC
Rolling, rolling, rolling…
In October 2017, ICANN are going to roll the key signing key in the root of the DNS. If you run a validating recursive resolver, read on...
DNSSEC BIND Configuration Summary & Cool Stuff
Introduction With the recent signing of the root, I've discovered a sudden interest in DNSSEC, and decided to have a go myself to aid my understanding of it. This article is written as an aid-memoir to me, and summary of the bits I've read. Of course, I've provided links to the whole blog entries I … Continue reading DNSSEC BIND Configuration Summary & Cool Stuff