]> git.ipfire.org Git - thirdparty/knot-resolver.git/commitdiff
projects / thirdparty / knot-resolver.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: eadde42)
etc/: add the fresh DNSSEC root key "KSK-2024" already docs-develop-ksk-qmeiye/deployments/4323
authorVladimír Čunát <vladimir.cunat@nic.cz>
Mon, 10 Jun 2024 14:05:41 +0000 (16:05 +0200)
committerVladimír Čunát <vladimir.cunat@nic.cz>
Mon, 10 Jun 2024 14:21:22 +0000 (16:21 +0200)
The key still won't be used for some time, two years maybe,
but I think it's better to preemptively trust it already.
(outdated machines, etc.)

Some evidence that it's not just a hash of *my* private key:
https://www.iana.org/dnssec/ceremonies/53-2
https://data.iana.org/ksk-ceremony/53-2/kskm-keymaster-20240426-173035-995.log
https://www.youtube.com/live/gw4PFhtnVpk?si=C8zevM3nG9O0XAJr&t=12726

NEWS patch | blob | blame | history
etc/root.keys patch | blob | blame | history

diff --git a/NEWS b/NEWS
index 311d7f31d0a88bd0827a9b098d7fadae71078936..0b46d3780247dffb522e6dd75f48f4f495d8f19f 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,11 @@
+Knot Resolver 5.7.4 (2024-06-dd)
+================================
+
+Improvements
+------------
+- add the fresh DNSSEC root key "KSK-2024" already, Key ID 38696 (!1556)
+
+
 Knot Resolver 5.7.3 (2024-05-30)
 ================================
 
diff --git a/etc/root.keys b/etc/root.keys
index e292b5a7bf0cc4afbefdee17c56b10edbd2126f3..3009e81f27d49888c3e1e081e6835b34fcd852ee 100644 (file)
--- a/etc/root.keys
+++ b/etc/root.keys
@@ -1 +1,2 @@
 . IN DS 20326 8 2 E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D
+. IN DS 38696 8 2 683D2D0ACB8C9B712A1948B27F741219298D0A450D612C483AF444A4C0FB2B16
Mirror of https://gitlab.nic.cz/knot/knot-resolver.git