[dns-operations] nz DNSSEC KSK rollover - Standby Chain
Peter Thomassen
peter at desec.io
Tue Jul 9 06:18:10 UTC 2024
Hi Felipe,
Thank you for sharing your plans.
On 7/9/24 00:34, Felipe Barbosa via dns-operations wrote:
> The current standby chain key tags for each zone are as follows:
> nz: 49157, ac.nz: 5938, co.nz: 59176, cri.nz: 19190, geek.nz: 7171,
> gen.nz: 48574, govt.nz: 18181, health.nz: 33694, iwi.nz: 58454,
> kiwi.nz: 47464, maori.nz: 21689, mil.nz: 43906, net.nz: 25105, org.nz: 24626,
> parliament.nz: 49424, school.nz: 27382
Keytags are not a safe way to identify keys, as evidenced by .ru's recent incident [1].
I'd suggest sharing more unique identifiers in the future (e.g., DS records), to prevent similar mix-ups.
[1]: https://lists.dns-oarc.net/pipermail/dns-operations/2024-January/022406.html
Best,
Peter
--
Like our community service? 💛
Please consider donating at
https://desec.io/
deSEC e.V.
Kyffhäuserstr. 5
10781 Berlin
Germany
Vorstandsvorsitz: Nils Wisiol
Registergericht: AG Berlin (Charlottenburg) VR 37525
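
The point about key tags versus DS records, as an added example that is not part of the message above or of any project's code: the key tag is a 16-bit checksum (RFC 4034 Appendix B), so two different DNSKEYs can share one, while the SHA-256 DS digest (RFC 4509) tells them apart. The zone name `example.` and both key byte strings are constructed placeholders, not real keys.

```python
import hashlib
import struct


def key_tag(rdata: bytes) -> int:
    """Key tag of a DNSKEY RDATA, RFC 4034 Appendix B (algorithms other than 1)."""
    acc = 0
    for i, byte in enumerate(rdata):
        acc += byte if i & 1 else byte << 8   # even offsets are the high byte
    acc += (acc >> 16) & 0xFFFF               # fold the carry back in
    return acc & 0xFFFF                       # only 16 bits survive


def name_to_wire(name: str) -> bytes:
    """Canonical (lower-case) wire form of an owner name."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def dnskey_rdata(flags: int, protocol: int, algorithm: int, pubkey: bytes) -> bytes:
    """DNSKEY RDATA: flags (2 bytes), protocol, algorithm, then the public key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + pubkey


def ds_sha256(owner: str, rdata: bytes) -> str:
    """DS digest type 2 (RFC 4509): SHA-256 over owner name || DNSKEY RDATA."""
    return hashlib.sha256(name_to_wire(owner) + rdata).hexdigest().upper()


def ds_record(owner: str, rdata: bytes) -> str:
    """Presentation-format DS record; rdata[3] is the DNSKEY algorithm number."""
    return f"{owner} IN DS {key_tag(rdata)} {rdata[3]} 2 {ds_sha256(owner, rdata)}"


# Constructed sample data: placeholder bytes, not real public keys.
ZONE = "example."                                  # hypothetical zone name
PUB_A = bytes(range(64))                           # 64 bytes, as for algorithm 13
PUB_B = PUB_A[2:4] + PUB_A[0:2] + PUB_A[4:]        # two 16-bit words swapped
KEY_A = dnskey_rdata(257, 3, 13, PUB_A)            # flags 257 = KSK
KEY_B = dnskey_rdata(257, 3, 13, PUB_B)

if __name__ == "__main__":
    # Same key tag on both lines, different digests.
    for rdata in (KEY_A, KEY_B):
        print(ds_record(ZONE, rdata))
```

Both printed records carry the same key tag and differ only in the digest, so a rollover announcement that lists DS records leaves no room for confusing two keys.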