Not logged in
Log in now
Create an account
Subscribe to LWN
LWN.net Weekly Edition for May 23, 2013
An "enum" for Python 3
An unexpected perf feature
LWN.net Weekly Edition for May 16, 2013
A look at the PyPy 2.0 release
BTW, what should be done in BIND to allow it to use the root key? Anything special besides the usual "dnssec-validate yes"?
I suspect that the root key must be manually added to the list of trusted anchors?
An interesting DNSSEC amplification
Posted Jul 15, 2010 14:32 UTC (Thu) by cesarb (subscriber, #6266)
I do not know whether ISC's DLV (http://www.isc.org/solutions/dlv) will be updated to use the DNS root key. If it is and you are already using ISC's DLV, you might not need to do anything at first (at least until it is shut down for not being needed anymore).
You can also simply wait for your distribution to update their packages, if you used it to configure DNSSEC (for instance, IIRC Fedora 13's bind package uses DNSSEC via ISC's DLV by default; it will not surprise me if it is updated soon to add the true DNS root key).
Posted Jul 15, 2010 14:37 UTC (Thu) by tialaramex (subscriber, #21167)
Eventually it is envisioned that OS vendors would provide and update these anchors, much as they all tend to offer timezone files updated with changes from the various civilian entities which claim authority to determine local time. The older anchors would become invalid after some period of time (I've forgotten, perhaps it's a year) and everyone would need to update often enough or switch off DNSSEC.
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds