[GTER] Root KSK Rollover - Verificacao Servidores Recursivos
Frederico A C Neves
fneves at registro.br
Wed Aug 16 11:41:31 -03 2017
Pessoal,
Como citei em Julho, os que vem seguindo o processo de troca da chave
da raiz de forma automática (RFC 5011), neste momento já devem estar
prontos para o evento em 11/10.
https://eng.registro.br/pipermail/gter/2017-July/070560.html
A nova chave foi publicada no dia 11/7 e já transcorridos mais de 30
dias já deveria estar classificada com estado válido como os exemplos
abaixo.
Para os que ainda não fizeram esta operação, ainda há bastante tempo
55 dias, sigam as instruções da apresentação abaixo para evitar a
interrupção do serviço de resolução de nomes.
Em caso de dúvidas estamos a disposição.
[]s
Fred
ftp://ftp.registro.br/pub/gter/gter42/10-RootKSKRoll.pdf
https://www.youtube.com/watch?v=amolBhDr3zQ
# Unbound
; autotrust trust anchor file
;;id: . 1
;;last_queried: 1502893071 ;;Wed Aug 16 11:17:51 2017
;;last_success: 1502893071 ;;Wed Aug 16 11:17:51 2017
;;next_probe_time: 1502936091 ;;Wed Aug 16 23:14:51 2017
;;query_failed: 0
;;query_interval: 43200
;;retry_time: 8640
. 172800 IN DNSKEY 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ;{id = 20326 (ksk), size = 2048b} ;;state=2 [ VALID ] ;;count=0 ;;lastchange=1502603398 ;;Sun Aug 13 02:49:58 2017
. 172800 IN DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= ;{id = 19036 (ksk), size = 2048b} ;;state=2 [ VALID ] ;;count=0 ;;lastchange=1443881271 ;;Sat Oct 3 11:07:51 2015
# Bind
# managed keys file
$ORIGIN .
$TTL 0 ; 0 seconds
@ IN SOA . . (
104221 ; serial
0 ; refresh (0 seconds)
0 ; retry (0 seconds)
0 ; expire (0 seconds)
0 ; minimum (0 seconds)
)
KEYDATA 20170817133321 20110906172937 19700101000000 257 3 8 (
AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQ
bSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh
/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWA
JQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXp
oY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3
LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGO
Yl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGc
LmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
) ; KSK; alg = RSASHA256; key id = 19036
; next refresh: Thu, 17 Aug 2017 13:33:21 GMT
; trusted since: Tue, 06 Sep 2011 17:29:37 GMT
KEYDATA 20170817133321 20170811143256 19700101000000 257 3 8 (
AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTO
iW1vkIbzxeF3+/4RgWOq7HrxRixHlFlExOLAJr5emLvN
7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5
LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF0jLHwVN8
efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7
pr+eoZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLY
A4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnXGXws
9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU=
) ; KSK; alg = RSASHA256; key id = 20326
; next refresh: Thu, 17 Aug 2017 13:33:21 GMT
; trusted since: Fri, 11 Aug 2017 14:32:56 GMT
% dig @f.root-servers.net . dnskey +dnssec +norec +m
; <<>> DiG 9.9.9-P4 <<>> @f.root-servers.net . dnskey +dnssec +norec +m
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30448
;; flags: qr aa; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;. IN DNSKEY
;; ANSWER SECTION:
. 172800 IN DNSKEY 256 3 8 (
AwEAAYvxrQOOujKdZz+37P+oL4l7e35/0diH/mZITGjl
p4f81ZGQK42HNxSfkiSahinPR3t0YQhjC393NX4TorSi
TJy76TBWddNOkC/IaGqcb4erU+nQ75k2Lf0oIpA7qTCk
3UkzYBqhKDHHAr2UditE7uFLDcoX4nBLCoaH5FtfxhUq
yTlRu0RBXAEuKO+rORTFP0XgA5vlzVmXtwCkb9G8GknH
uO1jVAwu3syPRVHErIbaXs1+jahvWWL+Do4wd+lA+TL3
+pUk+zKTD2ncq7ZbJBZddo9T7PZjvntWJUzIHIMWZRFA
jpi+V7pgh0o1KYXZgDUbiA1s9oLAL1KLSdmoIYM=
) ; ZSK; alg = RSASHA256 ; key id = 15768
. 172800 IN DNSKEY 257 3 8 (
AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTO
iW1vkIbzxeF3+/4RgWOq7HrxRixHlFlExOLAJr5emLvN
7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5
LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF0jLHwVN8
efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7
pr+eoZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLY
A4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnXGXws
9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU=
) ; KSK; alg = RSASHA256 ; key id = 20326
. 172800 IN DNSKEY 257 3 8 (
AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQ
bSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh
/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWA
JQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXp
oY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3
LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGO
Yl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGc
LmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
) ; KSK; alg = RSASHA256 ; key id = 19036
. 172800 IN RRSIG DNSKEY 8 0 172800 (
20170831000000 20170810000000 19036 .
D2D0oJblRe/C86Eti+vOLIHll7hvI9mN/O6S9gZqKvN2
ZNN6aJ0IR2lp4Z6if8NU7KFBOuE1rj1IFUdDaSqrzqoD
0NvSFmVxCWchIakTtyiO339PNuhX3v4ZDeDS/RLImQ3j
dhGq4pYZpHnilpvDqbZDAvE/9SPbfeV6T4m5GOq6T988
toTamTdjG0/LAostgZe6rBXnjgPp1xTG8jRtxhUTuoSP
C6/DkyDAyv/zebIHRWPfGOq/51ARP1vhgEZipNQ1wFvc
+joCUJll3ad7LQHKrLlJ67xDnk6vCxI4WDrh6/2LhK5w
fkMFPGKWv4Gi1BlE+r+a9FDFz4ypjwdbvA== )
;; Query time: 0 msec
;; SERVER: 2001:500:2f::f#53(2001:500:2f::f)
;; WHEN: Wed Aug 16 11:38:51 BRT 2017
;; MSG SIZE rcvd: 1139
More information about the gter
mailing list