Maintained by: NLnet Labs

[Ext] Re: Question related to RFC 5011 ("Automated Updates...")

Edward Lewis
Wed Jul 26 15:55:33 CEST 2017


Thanks...

On 7/19/17, 14:59, "Unbound-users on behalf of W.C.A. Wijngaards via Unbound-users" <unbound-users-bounces at unbound.net on behalf of unbound-users at unbound.net> wrote:

    Hi Ed,
    
    It counts the number of times the key was seen in a probe.  This count
    has to be bigger than 2 (or equal to) for the key to be accepted.  This
    is from RFC5011 rules.
    
    Best regards, Wouter
    
    On 19/07/17 18:10, Edward Lewis via Unbound-users wrote:
    > Where I track the root zone trust anchor points (for me root.key), I see this:
    > 
    > .	172800	IN	DNSKEY	257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ;{id = 20326 (ksk), size = 2048b} ;;state=1 [ ADDPEND ] ;;count=17 ;;lastchange=1499810300 ;;Tue Jul 11 17:58:20 2017
    > 
    > My question is - what is the "count" counting?
    > 
    > The established key as a count of 0:
    > 
    > .	172800	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= ;{id = 19036 (ksk), size = 2048b} ;;state=2 [  VALID  ] ;;count=0 ;;lastchange=1459820836 ;;Mon Apr  4 21:47:16 2016
    >  
    > 
    
    
    
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2013 bytes
Desc: not available
URL: <https://unbound.nlnetlabs.nl/pipermail/unbound-users/attachments/20170726/e13b1e68/attachment.bin>