Dear Tosin, Thank you for reaching out.
> On 17 Sep 2018, at 15:03, Tosin Oludare (Coollink) <[email protected]> > wrote: > > We are an ISP in Nigeria and member of AFRINIC, we received an update on > the impending roll over to KSK DNSEC we would like to know what we need to do > on our DNS servers. > > Our DNS server runs on Bind 9 CentOS and we have pubic IPs. You should be concerned only if you are operating a DNSSEC validating resolver and that your clients are using this resolver to do DNS resolution. i.e. in your BIND configuration: dnssec-validation auto; If so, you are probably using managed-keys in bind, you can do the verification by running a RNDC managed-keys status, you would see the new key marked as ‘added’ after July 2017 publication. After 11 October 2018: Be on the lookout for DNSSEC validation failures when the key in use changes to the new key. However, if you are running authoritative services with BIND, or a resolver that is not doing DNSSEC-validation, you should not see an impact. Hope that helps. Regards, Amreesh _______________________________________________ DNSSEC-Ops mailing list [email protected] https://lists.afrinic.net/mailman/listinfo/dnssec-ops
