[dnssec-coord] Root KSK key roll postponed... anyone have more info?
Martin J. Levy
mahtin at mahtin.com
Sun Oct 1 11:17:28 PDT 2017
Fixed at the microphone at DNS-OARC27 on Friday. Even tweeted!
Sebastian Castro (@secastro)
9/29/17, 10:08 AM
And @NLnetLabs just changed the RFC 8145 defaults in Unbound… reported at the mic #OARC27
It will take time to propagate a full release; however, you can help with upgrades for Southern Africa sometime soon.
> On Oct 1, 2017, at 10:51 AM, Mark Elkins <mje at posix.co.za> wrote:
> I've read the slides. So newish versions of Unbound and Bind can expose
> what trust anchor keys they are using, which can be captured and
> documented. Cool - except Unbound doesn't switch this on by default. I'm
> not sure what has been measured though, or rather what the
> interpretation of the graphs show.
> Newer versions of BIND config files include "dnssec-validation auto;"
> So people are not updating their configs? They are not even using a
> "Managed" root KSK? (Their 'dnssec' portions of their BIND configs are
> over 5 years old!?)
> I'm trying to raise awareness in South Africa as we already seem to have
> a high percentage of people using DNSSEC aware resolvers. Just need to
> make sure my understanding is correct.
> Mark James ELKINS - Posix Systems - (South) Africa
> mje at posix.co.za Tel: +27.128070590 Cell: +27.826010496
> For fast, reliable, low cost Internet in ZA: https://ftth.posix.co.za
> dnssec-coord mailing list
> dnssec-coord at elists.isoc.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the dnssec-coord