Remove revoked root DNSKEY from bind.keys.

diff --git a/CHANGES b/CHANGES
index de4307c506ef63edc2f1c9a175f8c4ec2c4c79cf..9d82d6e8ba044457fc63c56a38ce9fce9800e2d8 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,5 @@
+5189.  [cleanup]       Remove revoked root DNSKEY from bind.keys. [GL #945]
+
 5188.  [func]          The "dnssec-enable" option is deprecated and no
                        longer has any effect; DNSSEC responses are
                        always enabled. [GL #866]

diff --git a/bind.keys b/bind.keys
index c468c972e61675e336afaf151d9d379d8a97789b..37e92561c60b113946f4ffcbfa1778e91e3407b9 100644 (file)
--- a/bind.keys
+++ b/bind.keys
@@ -23,18 +23,6 @@
 # for current trust anchor information for the root zone.
 
 managed-keys {
-        # This key (19036) is to be phased out starting in 2017. It will
-        # remain in the root zone for some time after its successor key
-        # has been added. It will remain this file until it is removed from
-        # the root zone.
-        . initial-key 257 3 8 "AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF
-                FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX
-                bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD
-                X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz
-                W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS
-                Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq
-                QxA+Uk1ihz0=";
-
         # This key (20326) was published in the root zone in 2017.
         # Servers which were already using the old key (19036) should
         # roll seamlessly to this new one via RFC 5011 rollover. Servers

diff --git a/bind.keys.h b/bind.keys.h
index 8e94793a952c7b0a1326c894a6fc3abb3a69ba5b..59e4e925e8432df3583ed75c264fda0703f762c8 100644 (file)
--- a/bind.keys.h
+++ b/bind.keys.h
@@ -26,18 +26,6 @@
 # for current trust anchor information for the root zone.\n\
 \n\
 trusted-keys {\n\
-        # This key (19036) is to be phased out starting in 2017. It will\n\
-        # remain in the root zone for some time after its successor key\n\
-        # has been added. It will remain this file until it is removed from\n\
-        # the root zone.\n\
-        . 257 3 8 \"AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF\n\
-                FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX\n\
-                bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD\n\
-                X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz\n\
-                W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS\n\
-                Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq\n\
-                QxA+Uk1ihz0=\";\n\
-\n\
         # This key (20326) was published in the root zone in 2017.\n\
         # Servers which were already using the old key (19036) should\n\
         # roll seamlessly to this new one via RFC 5011 rollover. Servers\n\
@@ -81,18 +69,6 @@ trusted-keys {\n\
 # for current trust anchor information for the root zone.\n\
 \n\
 managed-keys {\n\
-        # This key (19036) is to be phased out starting in 2017. It will\n\
-        # remain in the root zone for some time after its successor key\n\
-        # has been added. It will remain this file until it is removed from\n\
-        # the root zone.\n\
-        . initial-key 257 3 8 \"AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF\n\
-                FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX\n\
-                bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD\n\
-                X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz\n\
-                W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS\n\
-                Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq\n\
-                QxA+Uk1ihz0=\";\n\
-\n\
         # This key (20326) was published in the root zone in 2017.\n\
         # Servers which were already using the old key (19036) should\n\
         # roll seamlessly to this new one via RFC 5011 rollover. Servers\n\