<div dir="ltr"><div>Cierto!</div><div><br></div><div>Y a todo esto... se nos pasó por alto que alguien en esta lista mencionara que alcanzamos los 1414 bytes de respuesta para la zona raíz (justo debajo del temído límite de 1500 de MTU)</div><div><br></div><div><div><font face="monospace, monospace">$ dig @<a href="http://l.root-servers.net">l.root-servers.net</a> . DNSKEY +dnssec +multi +stats</font></div><div><font face="monospace, monospace"><br></font></div><div><font face="monospace, monospace">; <<>> DiG 9.11.2 <<>> @<a href="http://l.root-servers.net">l.root-servers.net</a> . DNSKEY +dnssec +multi +stats</font></div><div><font face="monospace, monospace">; (2 servers found)</font></div><div><font face="monospace, monospace">;; global options: +cmd</font></div><div><font face="monospace, monospace">;; Got answer:</font></div><div><font face="monospace, monospace">;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35173</font></div><div><font face="monospace, monospace">;; flags: qr aa rd; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1</font></div><div><font face="monospace, monospace">;; WARNING: recursion requested but not available</font></div><div><font face="monospace, monospace"><br></font></div><div><font face="monospace, monospace">;; OPT PSEUDOSECTION:</font></div><div><font face="monospace, monospace">; EDNS: version: 0, flags: do; udp: 4096</font></div><div><font face="monospace, monospace">;; QUESTION SECTION:</font></div><div><font face="monospace, monospace">;.<span style="white-space:pre">                        </span>IN DNSKEY</font></div><div><font face="monospace, monospace"><br></font></div><div><font face="monospace, monospace">;; ANSWER SECTION:</font></div><div><font face="monospace, monospace">.<span style="white-space:pre">                        </span>172800 IN DNSKEY 256 3 8 (</font></div><div><font face="monospace, monospace"><span style="white-space:pre">                                </span>AwEAAYvxrQOOujKdZz+37P+oL4l7e35/0diH/mZITGjl</font></div><div><font face="monospace, monospace"><span style="white-space:pre">                                </span>p4f81ZGQK42HNxSfkiSahinPR3t0YQhjC393NX4TorSi</font></div><div><font face="monospace, monospace"><span style="white-space:pre">                                </span>TJy76TBWddNOkC/IaGqcb4erU+nQ75k2Lf0oIpA7qTCk</font></div><div><font face="monospace, monospace"><span style="white-space:pre">                                </span>3UkzYBqhKDHHAr2UditE7uFLDcoX4nBLCoaH5FtfxhUq</font></div><div><font face="monospace, monospace"><span style="white-space:pre">                                </span>yTlRu0RBXAEuKO+rORTFP0XgA5vlzVmXtwCkb9G8GknH</font></div><div><font face="monospace, monospace"><span style="white-space:pre">                                </span>uO1jVAwu3syPRVHErIbaXs1+jahvWWL+Do4wd+lA+TL3</font></div><div><font face="monospace, monospace"><span style="white-space:pre">                                </span>+pUk+zKTD2ncq7ZbJBZddo9T7PZjvntWJUzIHIMWZRFA</font></div><div><font face="monospace, monospace"><span style="white-space:pre">                                </span>jpi+V7pgh0o1KYXZgDUbiA1s9oLAL1KLSdmoIYM=</font></div><div><font face="monospace, monospace"><span style="white-space:pre">                                </span>) ; ZSK; alg = RSASHA256 ; key id = 15768</font></div><div><font face="monospace, monospace">.<span style="white-space:pre">                        </span>172800 IN DNSKEY 256 3 8 (</font></div><div><font face="monospace, monospace"><span style="white-space:pre">                                </span>AwEAAcRIZfxskdElMKgjwvWQO2bQe7EGAvX6zgIaqmbs</font></div><div><font face="monospace, monospace"><span style="white-space:pre">                                </span>aMqmMrIpd1+bP7nyULLuL8jWnKAqcaVfal2yJD50gg5z</font></div><div><font face="monospace, monospace"><span style="white-space:pre">                                </span>Fl5yW/F9dKNXXEFI7VEcGrPyG6/OrA9RBU8pGWm0qxps</font></div><div><font face="monospace, monospace"><span style="white-space:pre">                                </span>Nm5UIgTU5IX7pb/0rBj67c/R7qln8sjH1ylsr4f1Y3R6</font></div><div><font face="monospace, monospace"><span style="white-space:pre">                                </span>p/druiEalKasEjGKA9L2w9jzUQusWxM7fQx/T8c/3x3b</font></div><div><font face="monospace, monospace"><span style="white-space:pre">                                </span>sjveD1dleQ6MJaCx4bpPXYZpqXmSvGn+T2v5350cBVAF</font></div><div><font face="monospace, monospace"><span style="white-space:pre">                                </span>qVKhGbjxEyXAweem8cTU4L1p+DV7Ua11a1tMf0Tlu8pk</font></div><div><font face="monospace, monospace"><span style="white-space:pre">                                </span>pLwh7NQIggIEhJwEhPeXE3E4C6Q2/PFENcoFERc=</font></div><div><font face="monospace, monospace"><span style="white-space:pre">                                </span>) ; ZSK; alg = RSASHA256 ; key id = 46809</font></div><div><font face="monospace, monospace">.<span style="white-space:pre">                        </span>172800 IN DNSKEY 257 3 8 (</font></div><div><font face="monospace, monospace"><span style="white-space:pre">                                </span>AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQ</font></div><div><font face="monospace, monospace"><span style="white-space:pre">                                </span>bSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh</font></div><div><font face="monospace, monospace"><span style="white-space:pre">                                </span>/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWA</font></div><div><font face="monospace, monospace"><span style="white-space:pre">                                </span>JQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXp</font></div><div><font face="monospace, monospace"><span style="white-space:pre">                                </span>oY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3</font></div><div><font face="monospace, monospace"><span style="white-space:pre">                                </span>LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGO</font></div><div><font face="monospace, monospace"><span style="white-space:pre">                                </span>Yl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGc</font></div><div><font face="monospace, monospace"><span style="white-space:pre">                                </span>LmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=</font></div><div><font face="monospace, monospace"><span style="white-space:pre">                                </span>) ; KSK; alg = RSASHA256 ; key id = 19036</font></div><div><font face="monospace, monospace">.<span style="white-space:pre">                        </span>172800 IN DNSKEY 257 3 8 (</font></div><div><font face="monospace, monospace"><span style="white-space:pre">                                </span>AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTO</font></div><div><font face="monospace, monospace"><span style="white-space:pre">                                </span>iW1vkIbzxeF3+/4RgWOq7HrxRixHlFlExOLAJr5emLvN</font></div><div><font face="monospace, monospace"><span style="white-space:pre">                                </span>7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5</font></div><div><font face="monospace, monospace"><span style="white-space:pre">                                </span>LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF0jLHwVN8</font></div><div><font face="monospace, monospace"><span style="white-space:pre">                                </span>efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7</font></div><div><font face="monospace, monospace"><span style="white-space:pre">                                </span>pr+eoZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLY</font></div><div><font face="monospace, monospace"><span style="white-space:pre">                                </span>A4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnXGXws</font></div><div><font face="monospace, monospace"><span style="white-space:pre">                                </span>9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU=</font></div><div><font face="monospace, monospace"><span style="white-space:pre">                                </span>) ; KSK; alg = RSASHA256 ; key id = 20326</font></div><div><font face="monospace, monospace">.<span style="white-space:pre">                        </span>172800 IN RRSIG<span style="white-space:pre">        </span>DNSKEY 8 0 172800 (</font></div><div><font face="monospace, monospace"><span style="white-space:pre">                                </span>20171010000000 20170919000000 19036 .</font></div><div><font face="monospace, monospace"><span style="white-space:pre">                                </span>G1B0YY5YGCRtT3HuZhR6/ivgiiZ5uBSkPri6Mrhz6lZt</font></div><div><font face="monospace, monospace"><span style="white-space:pre">                                </span>JeQMeIPiIlAO+Y8jEkurNYPL4Gk1kaprSKBbKnB3joIe</font></div><div><font face="monospace, monospace"><span style="white-space:pre">                                </span>GHGBBRiKYgS0cQk/NWuEX9JfLtW0RwZhrXTN7JsH15/W</font></div><div><font face="monospace, monospace"><span style="white-space:pre">                                </span>EjFQkH0LnR+R3WUFH8uHR4kxLFKztKDSZoNf+PR7pa8P</font></div><div><font face="monospace, monospace"><span style="white-space:pre">                                </span>K98YcjSW7rZcTV70V3daSwQTeJIpXpUhVUGXXju9WN0c</font></div><div><font face="monospace, monospace"><span style="white-space:pre">                                </span>RVVYCk7sRteUqKqJQxLBAlzYQX2CgPhZOTypqJxzj12e</font></div><div><font face="monospace, monospace"><span style="white-space:pre">                                </span>9Y/9WPGkBLqfxHms0c/Om+NO5WhNNONLdoXX8Yw4okFC</font></div><div><font face="monospace, monospace"><span style="white-space:pre">                                </span>podGUO/UMrgM4qm7SWxXkjZwedzDZFJpYA== )</font></div><div><font face="monospace, monospace"><br></font></div><div><font face="monospace, monospace">;; Query time: 101 msec</font></div><div><font face="monospace, monospace">;; SERVER: 2001:500:9f::42#53(2001:500:9f::42)</font></div><div><font face="monospace, monospace">;; WHEN: Wed Sep 20 16:23:50 UYT 2017</font></div><div><font face="monospace, monospace">;; MSG SIZE rcvd: 1414</font></div></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Sep 20, 2017 at 4:22 PM, Luciano Minuchin <span dir="ltr"><<a href="mailto:luciano.minuchin@gmail.com" target="_blank">luciano.minuchin@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Importante!!!, deifncion del horario para el cambio en la zona raiz.<div><br></div><div>Saludos.</div><div>Luciano.</div><div><br></div><div><br><div class="gmail_quote">---------- Forwarded message ----------<br>From: <b class="gmail_sendername">Matt Larson</b> <span dir="ltr"><<a href="mailto:matt.larson@icann.org" target="_blank">matt.larson@icann.org</a>></span><br>Date: 2017-09-20 14:25 GMT-03:00<br>Subject: Operational message: DNS root zone KSK rollover to occur on October 11, 2017 at 1600 UTC<br>To: "<a href="mailto:root-dnssec-announce@iana.org" target="_blank">root-dnssec-announce@iana.org</a><wbr>" <<a href="mailto:root-dnssec-announce@iana.org" target="_blank">root-dnssec-announce@iana.org</a><wbr>><br><br><br>The root zone management partners, ICANN and Verisign, are working together to change the DNS root zone's key-signing key (KSK). This process is referred to as "rolling" the root zone KSK.<br>
<br>
The root zone's apex DNSKEY RRset has been signed with the same KSK, known as KSK-2010, since the root zone was first signed in July, 2010. On October 11, 2017, at approximately 1600 UTC, the root zone will be published with the apex DNSKEY RRset signed for the first time with a new KSK, known as KSK-2017. The root zone apex DNSKEY RRset will be signed with only KSK-2017 going forward.<br>
<br>
While the specific date of the KSK rollover, October 11, 2017, had been announced previously, the time of 1600 UTC on that day has not been announced until now, which is the primary purpose of this message.<br>
<br>
The public portion of the root zone KSK is configured as a trust anchor in software performing DNSSEC validation. The configuration of any software performing DNSSEC validation will need to be updated to reference KSK-2017 on or before October 11, 2017, or all DNS responses received by that software will fail DNSSEC validation, resulting ultimately in error messages to end users. In many cases, software performing DNSSEC validation supports "Automated Updates of DNS Security", the protocol defined in RFC 5011 that can automatically update a DNSSEC validator's trust anchor configuration. If the software does not support this protocol, or it is incorrectly implemented or not configured correctly, the trust anchor will need to be updated manually.<br>
<br>
Anyone operating software performing DNSSEC validation with the root zone KSK configured as a trust anchor must take action on or before October 11, 2017, to confirm that their software is configured with KSK-2017 as a trust anchor and, if not, take the necessary steps to update the configuration.<br>
<br>
Further information about the root KSK rollover, including information about how to check and update the trust anchor configuration of popular recursive resolver implementations that support DNSSEC validation, is available at <a href="https://icann.org/kskroll" rel="noreferrer" target="_blank">https://icann.org/kskroll</a>.<br>
<br>
For the root zone management partners,<br>
<br>
Matt Larson<br>
VP of Research, ICANN<br>
<br>
Duane Wessels<br>
Distinguished Engineer, Verisign<br>
<br>
______________________________<wbr>_________________<br>
root-dnssec-announce mailing list<br>
<a href="mailto:root-dnssec-announce@icann.org" target="_blank">root-dnssec-announce@icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/root-dnssec-announce" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/l<wbr>istinfo/root-dnssec-announce</a><br>
</div><br></div></div>
<br>______________________________<wbr>_________________<br>
dns-esp mailing list<br>
<a href="mailto:dns-esp@listas.nic.cl">dns-esp@listas.nic.cl</a><br>
<a href="https://listas.nic.cl/mailman/listinfo/dns-esp" rel="noreferrer" target="_blank">https://listas.nic.cl/mailman/<wbr>listinfo/dns-esp</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr">Mauricio Vergara Ereche<br>Los Angeles, CA<br><a href="http://mave.cero32.cl" target="_blank">http://mave.cero32.cl</a></div></div>
</div>