.br KSK rollover
Frederico A C Neves
fneves at registro.br
Wed Jun 25 18:45:35 EDT 2008
Dear DNSSEC experts and enthusiasts,
According to our ".br DNSSEC Keys Publication and Management Policy"
[1], since 2008-06-24 a new KSK for the .br zone is in use. The new
key with key id 18457 and configuration samples for BIND and UNBOUND
can be found below [3] or at our website [2].
The key used since 2007-06-04, with key id 61207, will not be valid
from 2008-08-25.
If you run DNSSEC enabled recursive servers and have the .br key as a
trust anchor, don't forget to update the .br KSK in your servers
configuration. Substitution of the .br trust anchor for the new .br
KSK must be done no later than 2008-08-25, when the rollover period
finishes.
Regards,
Frederico Neves
[1] http://registro.br/info/dnssec-policy.html
[2] https://registro.br/ksk/index.html
[3]
*DNS RR
br. IN DNSKEY 257 3 5 (
AwEAAdDoVnG9CyHbPUL2rTnE22uN66gQCrUW5W0NTXJB
NmpZXP27w7PMNpyw3XCFQWP/XsT0pdzeEGJ400kdbbPq
Xr2lnmEtWMjj3Z/ejR8mZbJ/6OWJQ0k/2YOyo6Tiab1N
GbGfs513y6dy1hOFpz+peZzGsCmcaCsTAv+DP/wmm+hN
x94QqhVx0bmFUiCVUFKU3TS1GP415eykXvYDjNpy6AM=
) ; key id = 18457
*BIND trusted-keys config
trusted-keys {
br. 257 3 5
"AwEAAdDoVnG9CyHbPUL2rTnE22uN66gQCrUW5W0NTXJB
NmpZXP27w7PMNpyw3XCFQWP/XsT0pdzeEGJ400kdbbPq
Xr2lnmEtWMjj3Z/ejR8mZbJ/6OWJQ0k/2YOyo6Tiab1N
GbGfs513y6dy1hOFpz+peZzGsCmcaCsTAv+DP/wmm+hN
x94QqhVx0bmFUiCVUFKU3TS1GP415eykXvYDjNpy6AM=";
};
*UNBOUND trust-anchor config
trust-anchor: "br. DS 18457 5 1 1067149C134A5B5FF8FC5ED0996E4E9E50AC21B1"
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://dnssec-deployment.org/pipermail/dnssec-deployment/attachments/20080625/1967dc3a/attachment.bin
More information about the Dnssec-deployment
mailing list