[dns-operations] "KSK-2017" appears
Anand Buddhdev
anandb at ripe.net
Wed Jul 12 13:44:52 UTC 2017
On 12/07/2017 15:22, Dick Visser wrote:
> I am somewhat confused about BIND9's 'dnssec-validation' option.
> I read in various places that setting this to 'auto' will cause BIND
> to fetch a new anchor using rc5011.
> For instance https://www.isc.org/blogs/2017-root-key-rollover-what-does-it-mean-for-bind-users/
> mentions:
>
> "After it is running, BIND observes if there are new trust anchors
> being introduced for the root, and downloads them and updates the
> trust anchor database."
>
> Does this happen in-memory?
> At least I don't think any config files will be changed...?
Hi Dick,
Config files will never be modified. BIND will write the new keys into
its working directory (the default is usually /var/named). Look for
.mkeys and .jnl files in there.
Regards,
Anand
More information about the dns-operations
mailing list