ietf
[Top] [All Lists]

Re: Historic Moment - Root zone of the Internet was just signed minutes ago!!!

2010-07-17 09:46:01
On Fri, 16 Jul 2010, Tony Finch wrote:

unbound requires trust anchors in DS format which is somewhat more
convenient, though you still have to edit IANA's XML to convert it into
master file format.

You can also use DNSKEY statements in unbound:

~> grep trusted-keys /etc/unbound/unbound.conf
trusted-keys-file: "/etc/pki/dnssec-keys/production/root.conf"
~> cat /etc/pki/dnssec-keys/production/root.conf
trusted-keys {
"." 257 3 8 
"AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=";
 // key id = 19036

};

Paul

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf