This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/dns-wg@ripe.net/
[dns-wg] follow up of "Update RIPE's DNS Zonemaster"
- Previous message (by thread): [dns-wg] follow up of "Update RIPE's DNS Zonemaster"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Anand Buddhdev
anandb at ripe.net
Tue Feb 22 16:43:28 CET 2022
On 18/02/2022 14:41, Nick Cao via dns-wg wrote: Hello Nick, > When doing a DNSSEC algorithm rollover from ecdsap256sha256 to ed25519 > today, I got the error 'Unknown cryptographic algorithm' when updating > ds-rdata field. A quick google search led me to > https://www.ripe.net/ripe/mail/archives/dns-wg/2021-January/003796.html, > which dates back to more than a year ago. It seems that the zonemaster > deployment has not been updated to day, thus I would like to ask about > the current progress. Your observation is correct. The version of Zonemaster we're running isn't up to date, and can't handle algorithms 15 and 16. We are working on updating all the things. It is a two-stage process, where we need to update Zonemaster first (running on our current Linux distribution, CentOS 7), and then deploy it on a derivative of RedHat Linux 8, whose openssl understands these newer algorithms. Unfortunately, we cannot yet provide a date by when this will all be done. However, we appreciate your concern, and are putting more priority on getting this work done as soon as possible. The automatic update of your DS record happened as a result of our daily CDS scans. The code that does the scans and checks does not invoke Zonemaster, because it is only concerned with ensuring that the DNSSEC chain of trust is correct. Regards, Anand Buddhdev RIPE NCC
- Previous message (by thread): [dns-wg] follow up of "Update RIPE's DNS Zonemaster"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ dns-wg Archives ]