infosec-handbook.eu
Follow

Upcoming DNSSEC key rollover – how to check your Turris Omnia's knot resolver:

– connect to your Turris Omnia using SSH
– enter '# cat /etc/root.keys | grep "KeyTag:20326"'

If you see the key, no further action is required. All modern resolvers follow the process defined in RFC 5011 to update their root keys automatically.

See also:

icann.org/dns-resolvers-updati

@infosechandbook Also, check /etc/config/resolver: you may have put the root keys file in another place than the default one (option "keyfile")

@infosechandbook If you literally enter '# cat /etc/root.keys | grep "KeyTag:20326"', it will comment your command… # should not be a part of the quoted string 🤡

@devnull

That's right, however, it's the shortest way to distinguish between user and root context in Linux systems. :blobtongue:

@infosechandbook I would write it this way:

To […], enter the following command:

# cat /etc/root.keys | grep "KeyTag:20326"

Sign in to participate in the conversation
Mastodon

mastodon.at is open to all users and federates with most instances.

🇩🇪 🇦🇹 🇨🇭 mastodon.at ist offen für alle User und ist mit vielen anderen Instanzen verbunden.