1*00b67f09SDavid van Moolenbroek/* Id: bind.keys,v 1.7 2011/01/03 23:45:07 each Exp */ 2*00b67f09SDavid van Moolenbroek# The bind.keys file is used to override the built-in DNSSEC trust anchors 3*00b67f09SDavid van Moolenbroek# which are included as part of BIND 9. As of the current release, the only 4*00b67f09SDavid van Moolenbroek# trust anchors it contains are those for the DNS root zone ("."), and for 5*00b67f09SDavid van Moolenbroek# the ISC DNSSEC Lookaside Validation zone ("dlv.isc.org"). Trust anchors 6*00b67f09SDavid van Moolenbroek# for any other zones MUST be configured elsewhere; if they are configured 7*00b67f09SDavid van Moolenbroek# here, they will not be recognized or used by named. 8*00b67f09SDavid van Moolenbroek# 9*00b67f09SDavid van Moolenbroek# The built-in trust anchors are provided for convenience of configuration. 10*00b67f09SDavid van Moolenbroek# They are not activated within named.conf unless specifically switched on. 11*00b67f09SDavid van Moolenbroek# To use the built-in root key, set "dnssec-validation auto;" in 12*00b67f09SDavid van Moolenbroek# named.conf options. To use the built-in DLV key, set 13*00b67f09SDavid van Moolenbroek# "dnssec-lookaside auto;". Without these options being set, 14*00b67f09SDavid van Moolenbroek# the keys in this file are ignored. 15*00b67f09SDavid van Moolenbroek# 16*00b67f09SDavid van Moolenbroek# This file is NOT expected to be user-configured. 17*00b67f09SDavid van Moolenbroek# 18*00b67f09SDavid van Moolenbroek# These keys are current as of January 2011. If any key fails to 19*00b67f09SDavid van Moolenbroek# initialize correctly, it may have expired. In that event you should 20*00b67f09SDavid van Moolenbroek# replace this file with a current version. The latest version of 21*00b67f09SDavid van Moolenbroek# bind.keys can always be obtained from ISC at https://www.isc.org/bind-keys. 22*00b67f09SDavid van Moolenbroek 23*00b67f09SDavid van Moolenbroekmanaged-keys { 24*00b67f09SDavid van Moolenbroek # ISC DLV: See https://www.isc.org/solutions/dlv for details. 25*00b67f09SDavid van Moolenbroek # NOTE: This key is activated by setting "dnssec-lookaside auto;" 26*00b67f09SDavid van Moolenbroek # in named.conf. 27*00b67f09SDavid van Moolenbroek dlv.isc.org. initial-key 257 3 5 "BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2 28*00b67f09SDavid van Moolenbroek brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+ 29*00b67f09SDavid van Moolenbroek 1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5 30*00b67f09SDavid van Moolenbroek ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEmHAte/URk 31*00b67f09SDavid van Moolenbroek Y62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboM 32*00b67f09SDavid van Moolenbroek QKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VSt 33*00b67f09SDavid van Moolenbroek TDN0YUuWrBNh"; 34*00b67f09SDavid van Moolenbroek 35*00b67f09SDavid van Moolenbroek # ROOT KEY: See https://data.iana.org/root-anchors/root-anchors.xml 36*00b67f09SDavid van Moolenbroek # for current trust anchor information. 37*00b67f09SDavid van Moolenbroek # NOTE: This key is activated by setting "dnssec-validation auto;" 38*00b67f09SDavid van Moolenbroek # in named.conf. 39*00b67f09SDavid van Moolenbroek . initial-key 257 3 8 "AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF 40*00b67f09SDavid van Moolenbroek FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX 41*00b67f09SDavid van Moolenbroek bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD 42*00b67f09SDavid van Moolenbroek X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz 43*00b67f09SDavid van Moolenbroek W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS 44*00b67f09SDavid van Moolenbroek Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq 45*00b67f09SDavid van Moolenbroek QxA+Uk1ihz0="; 46*00b67f09SDavid van Moolenbroek}; 47