DNSSEC will eventually generate Identical Key ID's
Mark Elkins
mje at posix.co.za
Sun Sep 9 17:51:52 UTC 2018
Just for the record, although I do look from a curiosity point of view
for Identical Key ID's once every few month - I've never seen them -
until now.
Now I have them - generated by BIND within a few days of each other...
-rw-r--r-- 1 root root 431 Aug 18 00:03 Kipv6.org.za.+008+46578.key
-rw------- 1 root root 1012 Aug 18 00:03 Kipv6.org.za.+008+46578.private
# cat Kipv6.org.za.+008+46578.key
; This is a zone-signing key, keyid 46578, for ipv6.org.za.
; Created: 20180817220323 (Sat Aug 18 00:03:23 2018)
; Publish: 20180817220323 (Sat Aug 18 00:03:23 2018)
; Activate: 20180817220323 (Sat Aug 18 00:03:23 2018)
ipv6.org.za. IN DNSKEY 256 3 8
AwEAAbdOBycxs6uv0fgkpxh1DyFNyVdWlHfVWy4zKAeEM0MEYeR/idNO
/Z7aWFLlHsEADEpUGuz5dpHRP5OgPDzFesa1AdK0YsbzkDVsRD10Epjt
1CakfLbYqnrn4i/+Ds7VGDQJa83+JOewhKl5lSbGMCtvycFoXg7pyi+A bsCQvITN
-rw-r--r-- 1 root root 431 Aug 23 00:03 Kftth.net.za.+008+46578.key
-rw------- 1 root root 1008 Aug 23 00:03 Kftth.net.za.+008+46578.private
# cat Kftth.net.za.+008+46578.key
; This is a zone-signing key, keyid 46578, for ftth.net.za.
; Created: 20180822220329 (Thu Aug 23 00:03:29 2018)
; Publish: 20180822220329 (Thu Aug 23 00:03:29 2018)
; Activate: 20180822220329 (Thu Aug 23 00:03:29 2018)
ftth.net.za. IN DNSKEY 256 3 8
AwEAAeB+Q8/GXSoyp3eMHusIgxlr51HUMhMpsRUzhp5A4TlnGPPXHw3C
ktwELF4FzPpnHWrHuOL+PewPU15KL6rQ+y4jN1s9tRMK7+jyTuttSnsF
R9gmmhtCvyZ+GtmAhcBVaoe/4VfZMOCHjthwLxoqMy1l19qx9Yy5jVtd WWa+q6Ot
I've been running DNSSEC for 7 years and have around 400 DNSSEC keys for
133 signed Domains.
I'm a smallish Registrar for ZA domains.
Never assume a KeyID is unique. :-)
--
Mark James ELKINS - Posix Systems - (South) Africa
mje at posix.co.za Tel: +27.128070590 Cell: +27.826010496
For fast, reliable, low cost Internet in ZA: https://ftth.posix.co.za
More information about the bind-users
mailing list