[GTER] Root KSK Rollover - Verificacao Servidores Recursivos

Frederico A C Neves fneves at registro.br
Wed Aug 16 11:41:31 -03 2017


Pessoal,

Como citei em Julho, os que vem seguindo o processo de troca da chave
da raiz de forma automática (RFC 5011), neste momento já devem estar
prontos para o evento em 11/10.

https://eng.registro.br/pipermail/gter/2017-July/070560.html

A nova chave foi publicada no dia 11/7 e já transcorridos mais de 30
dias já deveria estar classificada com estado válido como os exemplos
abaixo.

Para os que ainda não fizeram esta operação, ainda há bastante tempo
55 dias, sigam as instruções da apresentação abaixo para evitar a
interrupção do serviço de resolução de nomes.

Em caso de dúvidas estamos a disposição.

[]s
Fred

ftp://ftp.registro.br/pub/gter/gter42/10-RootKSKRoll.pdf
https://www.youtube.com/watch?v=amolBhDr3zQ


# Unbound
; autotrust trust anchor file
;;id: . 1
;;last_queried: 1502893071 ;;Wed Aug 16 11:17:51 2017
;;last_success: 1502893071 ;;Wed Aug 16 11:17:51 2017
;;next_probe_time: 1502936091 ;;Wed Aug 16 23:14:51 2017
;;query_failed: 0
;;query_interval: 43200
;;retry_time: 8640
.	172800	IN	DNSKEY	257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ;{id = 20326 (ksk), size = 2048b} ;;state=2 [  VALID  ] ;;count=0 ;;lastchange=1502603398 ;;Sun Aug 13 02:49:58 2017
.	172800	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= ;{id = 19036 (ksk), size = 2048b} ;;state=2 [  VALID  ] ;;count=0 ;;lastchange=1443881271 ;;Sat Oct  3 11:07:51 2015


# Bind
# managed keys file
$ORIGIN .
$TTL 0	; 0 seconds
@			IN SOA	. . (
				104221     ; serial
				0          ; refresh (0 seconds)
				0          ; retry (0 seconds)
				0          ; expire (0 seconds)
				0          ; minimum (0 seconds)
				)
			KEYDATA	20170817133321 20110906172937 19700101000000 257 3 8 (
				AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQ
				bSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh
				/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWA
				JQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXp
				oY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3
				LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGO
				Yl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGc
				LmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
				) ; KSK; alg = RSASHA256; key id = 19036
				; next refresh: Thu, 17 Aug 2017 13:33:21 GMT
				; trusted since: Tue, 06 Sep 2011 17:29:37 GMT
			KEYDATA	20170817133321 20170811143256 19700101000000 257 3 8 (
				AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTO
				iW1vkIbzxeF3+/4RgWOq7HrxRixHlFlExOLAJr5emLvN
				7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5
				LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF0jLHwVN8
				efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7
				pr+eoZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLY
				A4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnXGXws
				9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU=
				) ; KSK; alg = RSASHA256; key id = 20326
				; next refresh: Thu, 17 Aug 2017 13:33:21 GMT
				; trusted since: Fri, 11 Aug 2017 14:32:56 GMT


% dig @f.root-servers.net . dnskey +dnssec +norec +m

; <<>> DiG 9.9.9-P4 <<>> @f.root-servers.net . dnskey +dnssec +norec +m
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30448
;; flags: qr aa; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;.			IN DNSKEY

;; ANSWER SECTION:
.			172800 IN DNSKEY 256 3 8 (
				AwEAAYvxrQOOujKdZz+37P+oL4l7e35/0diH/mZITGjl
				p4f81ZGQK42HNxSfkiSahinPR3t0YQhjC393NX4TorSi
				TJy76TBWddNOkC/IaGqcb4erU+nQ75k2Lf0oIpA7qTCk
				3UkzYBqhKDHHAr2UditE7uFLDcoX4nBLCoaH5FtfxhUq
				yTlRu0RBXAEuKO+rORTFP0XgA5vlzVmXtwCkb9G8GknH
				uO1jVAwu3syPRVHErIbaXs1+jahvWWL+Do4wd+lA+TL3
				+pUk+zKTD2ncq7ZbJBZddo9T7PZjvntWJUzIHIMWZRFA
				jpi+V7pgh0o1KYXZgDUbiA1s9oLAL1KLSdmoIYM=
				) ; ZSK; alg = RSASHA256 ; key id = 15768
.			172800 IN DNSKEY 257 3 8 (
				AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTO
				iW1vkIbzxeF3+/4RgWOq7HrxRixHlFlExOLAJr5emLvN
				7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5
				LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF0jLHwVN8
				efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7
				pr+eoZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLY
				A4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnXGXws
				9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU=
				) ; KSK; alg = RSASHA256 ; key id = 20326
.			172800 IN DNSKEY 257 3 8 (
				AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQ
				bSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh
				/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWA
				JQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXp
				oY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3
				LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGO
				Yl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGc
				LmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
				) ; KSK; alg = RSASHA256 ; key id = 19036
.			172800 IN RRSIG	DNSKEY 8 0 172800 (
				20170831000000 20170810000000 19036 .
				D2D0oJblRe/C86Eti+vOLIHll7hvI9mN/O6S9gZqKvN2
				ZNN6aJ0IR2lp4Z6if8NU7KFBOuE1rj1IFUdDaSqrzqoD
				0NvSFmVxCWchIakTtyiO339PNuhX3v4ZDeDS/RLImQ3j
				dhGq4pYZpHnilpvDqbZDAvE/9SPbfeV6T4m5GOq6T988
				toTamTdjG0/LAostgZe6rBXnjgPp1xTG8jRtxhUTuoSP
				C6/DkyDAyv/zebIHRWPfGOq/51ARP1vhgEZipNQ1wFvc
				+joCUJll3ad7LQHKrLlJ67xDnk6vCxI4WDrh6/2LhK5w
				fkMFPGKWv4Gi1BlE+r+a9FDFz4ypjwdbvA== )

;; Query time: 0 msec
;; SERVER: 2001:500:2f::f#53(2001:500:2f::f)
;; WHEN: Wed Aug 16 11:38:51 BRT 2017
;; MSG SIZE  rcvd: 1139



More information about the gter mailing list