2010/05/10

Root Zone Public Keys

Some network administrators are eager to see what the root zone public keys issued on 5 May look like. In fact, ICANN has embedded a warning inside the key strings: "This is an invalid key and should not be used contact rootsign@icann.org for more information". See my dump below:

***** Root Zone Public Keys *****

[localhost]# dig +dnssec dnskey . @192.5.5.241

; <<>> DiG 9.5.2-RedHat-9.5.2-1.fc10 <<>> +dnssec dnskey . @192.5.5.241
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47371
;; flags: qr aa rd; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;. IN DNSKEY

;; ANSWER SECTION:
. 86400 IN DNSKEY 257 3 8 AwEAAawBe++++++++++++++++THIS/IS/AN/INVALID/KEY/AND/SHOU LD/NOT/BE/USED/CONTACT/ROOTSIGN/AT/ICANN/DOT/ORG/FOR/MOR E/INFORMATION+++8=
. 86400 IN DNSKEY 257 3 8 AwEAAazdM++++++++++++++++THIS/IS/AN/INVALID/KEY/AND/SHOU LD/NOT/BE/USED/CONTACT/ROOTSIGN/AT/ICANN/DOT/ORG/FOR/MOR E/INFORMATION+++++8=
. 86400 IN DNSKEY 256 3 8 AwEAAavbA++++++++++++++++THIS/IS/AN/INVALID/KEY/AND/SHOU LD/NOT/BE/USED/CONTACT/ROOTSIGN/AT/ICANN/DOT/ORG/FOR/MOR E/INFORMATION+++++++++++++++++++++++++++8
. 86400 IN RRSIG DNSKEY 8 0 86400 20100515235959 20100501000000 19324 . QWXJEkPRYzAu8SpGmzRw1y9B9JOPRNl9C5csTh6Edv4xQRUb0apb7YRD mhbIgqZN4TMMme70pni93z8gn7fqtylFzCObC0prH90vq20DjxcOeZtV ufvoadCQFsUi87G2kgicZjRLSHjz/h2zJO36nmdp/S05wGxT9KX56Yoy hjuSr6AzCCQvsmDKdhL8D8SAPAZGjPs0ftfKsDyEarcy9XYP9nZfskmQ OWbx0ldr41JfibY3+onP/tA61KQdTQYZ2bAU/eQK/6Kq2YEzSzQijwdV Kex+hi4LXWB85u9uY8YMsa1MVJDY/BYkjW4HU1wvKY47oz4G3oDyI23X IR8NSA==

;; Query time: 5 msec
;; SERVER: 192.5.5.241#53(192.5.5.241)
;; WHEN: Mon May 10 09:44:35 2010
;; MSG SIZE rcvd: 1011

****** End *****
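
A check an operator could run on dig output like the dump above before treating any DNSKEY as a trust anchor. This is an added example, not part of the original post: the function names are hypothetical, the first two sample records are copied from the dump, and the `example.` record is constructed.

```python
import re

# Text ICANN embedded in the placeholder keys (seen in the dump above).
MARKER = "THIS/IS/AN/INVALID/KEY/AND/SHOULD/NOT/BE/USED"
ALGORITHMS = {5: "RSASHA1", 8: "RSASHA256", 10: "RSASHA512"}

# Presentation format: owner TTL IN DNSKEY flags protocol algorithm base64...
DNSKEY_RE = re.compile(
    r"^(\S+)\s+(\d+)\s+IN\s+DNSKEY\s+(\d+)\s+(\d+)\s+(\d+)\s+(.+)$")

# First two records are copied from the dump; the "example." record is
# constructed for contrast and is not a real key.
SAMPLE = """\
;; ANSWER SECTION:
. 86400 IN DNSKEY 257 3 8 AwEAAawBe++++++++++++++++THIS/IS/AN/INVALID/KEY/AND/SHOU LD/NOT/BE/USED/CONTACT/ROOTSIGN/AT/ICANN/DOT/ORG/FOR/MOR E/INFORMATION+++8=
. 86400 IN DNSKEY 256 3 8 AwEAAavbA++++++++++++++++THIS/IS/AN/INVALID/KEY/AND/SHOU LD/NOT/BE/USED/CONTACT/ROOTSIGN/AT/ICANN/DOT/ORG/FOR/MOR E/INFORMATION+++++++++++++++++++++++++++8
example. 3600 IN DNSKEY 257 3 8 AwEAAcNvbnN0cnVjdGVkU2FtcGxl S2V5Rm9yVGVzdGluZ09ubHk=
"""

def parse_dnskeys(dig_output):
    """Return one dict per DNSKEY record found in dig's text output."""
    keys = []
    for line in dig_output.splitlines():
        m = DNSKEY_RE.match(line.strip())
        if not m:
            continue  # comment lines, RRSIG records, blanks
        owner, _ttl, flags, _proto, alg, b64 = m.groups()
        flags = int(flags)
        # dig prints the base64 in space-separated chunks, which can split
        # the marker ("SHOU LD"), so rejoin before searching.
        key = "".join(b64.split())
        keys.append({
            "owner": owner,
            "zone_key": bool(flags & 0x0100),             # Zone Key bit
            "role": "KSK" if flags & 0x0001 else "ZSK",   # SEP bit
            "algorithm": ALGORITHMS.get(int(alg), "alg-" + alg),
            "placeholder": MARKER in key,
        })
    return keys

def usable_trust_anchors(dig_output):
    """KSKs that are zone keys and do not carry the placeholder marker."""
    return [k for k in parse_dnskeys(dig_output)
            if k["role"] == "KSK" and k["zone_key"] and not k["placeholder"]]

if __name__ == "__main__":
    for k in parse_dnskeys(SAMPLE):
        print(k)
```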
