Ubuntu
dns-root-data package

New root KSK missing in dns-root-data package for still supported Ubuntu versions

Bug #1780096 reported by Jaromir Talir on 2018-07-04

This bug report is a duplicate of: Bug #1721129: Version 2017072601 is needed as it include the upcoming root KSK. Edit Remove

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	dns-root-data (Ubuntu)	Confirmed	Undecided	Unassigned

Bug Description

DNSSEC root key is going to be exchanged probably in October 2018. At that time, all systems doing validation MUST have new key ready for validation. For Ubuntu this key is stored in dns-root-data package. Ubuntu 18.04 and 16.04 will still be under support at the time of rollover https://www.ubuntu.com/info/release-end-of-life. However, package dns-root-data for these versions doesn't contain new key. This situation could bring serious issues for systems installed just before the rollover, because such systems will not be able to automatically download new key according RFC5011 procedure.

Revision history for this message

Marc Deslauriers (mdeslaur) wrote on 2018-07-05:

Ubuntu 17.10 and later already have the new key.

Revision history for this message

Launchpad Janitor (janitor) wrote on 2018-07-09:

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in dns-root-data (Ubuntu):
status:	New → Confirmed

Report a bug

This report contains Public information

Everyone can see this information.

Duplicate of bug #1721129 Remove

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntudns-root-data package

New root KSK missing in dns-root-data package for still supported Ubuntu versions

Bug Description

Other bug subscribers

Remote bug watches

Ubuntu
dns-root-data package