DNSSEC with 9.7.2-P2
Phil Mayers
p.mayers at imperial.ac.uk
Fri Nov 12 15:32:49 UTC 2010
On 12/11/10 14:51, Alan Clegg wrote:
> On 11/12/2010 7:49 AM, David Forrest wrote:
>> While running BIND 9.7.2-P2 built with defaults on F11
>
> [..]
>
>> and, on checking named.conf, I found the entry for br. as:
>> trusted-keys {
>> "br." 257 3 5
>> "AwEAAdDoVnG9CyHbPUL2rTnE22uN66gQCrUW5W0NTXJBNmpZXP27w7PMNpyw3XCFQWP/XsT0pdzeEGJ400kdbbPqXr2lnmEtWMjj3Z/ejR8mZbJ/6OWJQ0k/2YOyo6Tiab1NGbGfs513y6dy1hOFpz+peZzGsCmcaCsTAv+DP/wmm+hNx94QqhVx0bmFUiCVUFKU3TS1GP415eykXvYDjNpy6AM=";
>> };
>
> If Fedora 11 (I'm assuming that is what "F11" is) has built in
> trust-anchors in the distributed named.conf, someone needs to talk to
> them...
They have, by bundling a copy of dnssec-conf. In addition, there is no
system scheduled cron job to update these IIRC - the expectation was
that RPM updates would do the job - and sadly F11 is now "off support",
which is a bit of a hole in the reasoning :o(
More information about the bind-users
mailing list