On 20/03/2026 14.21, Ulrich Wisser via knot-resolver-users wrote:
> I am trying to make a small tutorial for different resolvers on how to
> check that the Root KSK is updated.
> How can I check that for Knot resolver?

I wonder. We have an automatic check which should detect it and log a
warning during startup by default:

    log_warn(ffi.C.LOG_GRP_TAUPDATE, 'you need to update package with trust anchors in "%s" before it breaks', file_name)

So maybe that's the best way. Knot Resolver is normally packaged to
either (1) use root trust anchors shipped with it - in which case users
should be fine unless using a rather old version (which will have
security issues anyway). As for the currently new KSK, we were adding
that in summer 2024.
Or (2) it uses root trust anchors which have a separate package in that
distro (e.g. Debian and derivatives), in which case I really hope that
the distro packagers won't forget, especially when speaking of
long-term-supported distros (say Ubuntu 24.04).
--Vladimir
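
An added example, not part of the original message and not Knot Resolver's own code: a check that combines the two signals discussed above, the startup warning text and the contents of the trust anchor file. It assumes the file is zone-file text with one root DS or DNSKEY record per line, and that 38696 is the key tag of the KSK added in 2024 (taken from IANA's published root anchors, not from this thread); all sample inputs are constructed.

```python
import base64

# Assumption, not from the thread: 38696 is the key tag IANA publishes for the
# root KSK introduced in 2024 (20326 is the 2017 one). Verify against IANA.
NEW_KSK_TAG = 38696
WARNING = "you need to update package with trust anchors"  # text quoted in the thread

def dnskey_tag(flags, proto, alg, pubkey_b64):
    """Key tag of a DNSKEY, computed over its RDATA (RFC 4034 Appendix B)."""
    rdata = flags.to_bytes(2, "big") + bytes([proto, alg]) + base64.b64decode(pubkey_b64)
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    return (acc + (acc >> 16)) & 0xFFFF

def anchor_tags(text):
    """Key tags of root DS records and root KSK DNSKEY records in zone-file text."""
    tags = set()
    for line in text.splitlines():
        f = line.split(";", 1)[0].split()      # drop trailing comments
        up = [x.upper() for x in f]
        if not f or f[0] != ".":               # only records owned by the root
            continue
        if "DS" in up:
            tags.add(int(f[up.index("DS") + 1]))
        elif "DNSKEY" in up:
            i = up.index("DNSKEY")
            flags, proto, alg = (int(x) for x in f[i + 1:i + 4])
            if flags & 1:                      # SEP bit set: key-signing key
                tags.add(dnskey_tag(flags, proto, alg, "".join(f[i + 4:])))
    return tags

def check(keys_text, log_text):
    """Return (has_new_ksk, warning_lines) for one resolver host."""
    warned = [l for l in log_text.splitlines() if WARNING in l]
    return NEW_KSK_TAG in anchor_tags(keys_text), warned

# Constructed sample inputs: digests, key material and paths are placeholders.
OLD_KEYS = (". IN DS 20326 8 2 " + "00" * 32 + "\n"
            ". 172800 IN DNSKEY 257 3 8 AQID ; constructed key\n")
NEW_KEYS = OLD_KEYS + ". IN DS 38696 8 2 " + "11" * 32 + "\n"
OLD_LOG = ('kresd: you need to update package with trust anchors in '
           '"/constructed/root.keys" before it breaks\n')

if __name__ == "__main__":
    print(check(OLD_KEYS, OLD_LOG))   # stale anchors, warning present
    print(check(NEW_KEYS, ""))        # new KSK present, no warning
```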