Upcoming DNSSEC key rollover – how to check your Turris Omnia's knot resolver:

– connect to your Turris Omnia using SSH
– enter '# cat /etc/root.keys | grep "KeyTag:20326"'

If you see the key, no further action is required. All modern resolvers follow the process defined in RFC 5011 to update their root keys automatically.

See also:

@infosechandbook Also, check /etc/config/resolver: you may have put the root keys file in another place than the default one (option "keyfile")

@infosechandbook If you literally enter '# cat /etc/root.keys | grep "KeyTag:20326"', it will comment your command… # should not be a part of the quoted string 🤡


That's right, however, it's the shortest way to distinguish between user and root context in Linux systems. :blobtongue:

@infosechandbook I would write it this way:

To […], enter the following command:

# cat /etc/root.keys | grep "KeyTag:20326"

Sign in to participate in the conversation
Mastodon is a microblogging site that federates with most instances on the Fediverse.