Commit graph

8 commits

Author SHA1 Message Date
Vladimír Čunát
c4a5565e7a
dns-root-data: the old KSK is dead!
Long live... eh, I hope the new KSK won't live as long as the old one.
Anyway, it doesn't really matter how fast people update this.
https://www.ietf.org/mail-archive/web/dnsop/current/msg24989.html
See RFC 5011 for details of the protocol.

I re-tested validation with both of these files, to be sure.
2019-01-11 16:47:02 +01:00
Vladimír Čunát
d16b298d19
dns-root-data: use a stable URL that I maintain anyway
Close #31855.
2017-11-21 13:58:19 +01:00
Vincent Laporte
f35f995fff
dns-root-data: 2017-08-29 -> 2017-10-24 2017-11-06 19:22:38 +00:00
Chris Burr
0b356dfb75 dns-root-data: 2017-07-26 -> 2017-08-29 2017-09-04 10:50:32 +01:00
Jan Malakhovski
afc8405a7a dns-root-data: use https 2017-08-17 12:11:49 +00:00
Yann Hodique
2a0c6c7bee dns-root-data: 2017-07-11 -> 2017-07-26 2017-08-14 16:54:25 +02:00
Vladimír Čunát
338a195204
dns-root-data: improve determinism, clear key status
Nitpicks:
- The timestamps there were useless.
- The generator now switched the two keys; I don't know why.

I intentionally remove the comments like "state=1 [ ADDPEND ]".
The problem is that keys e.g. in ADDPEND state are *not* immediately
usable for validation - see RFC5011 for details.  I verified that Unbound
does disregard this on the format we and Debian use ATM, presumably due
to removing parts of the comments, but it would be confusing nevertheless.
2017-07-15 10:38:01 +02:00
Franz Pletz
3bb9954a6b
dns-root-data: init at 2017-06-16 2017-07-12 09:45:25 +02:00