Mission Complete. Site down. FYI only

Faux root zone with continually rolling KSK and ZSKs (Schedule)
Slightly delayed KSK roll and no missing key Extended Rickroll Final

NOTICES:
Mission complete. Turning down site 5 Aug 2019 12:00:00

1-8 August 2018: Hardware replacement/update

3 April 2017: Switched to Lets Encrypt Certificate for SSL

10-12 Dec 2016: Router outage. Back now.

22 June 2016: Trust Anchors XML file now tracks introduction, revoke, and removal of KSKs.

14 June 2016: Shortened TTL in zone to be proportional to validity period to avoid expired signatures in caches.

29 May 2016: Schedule modfication. Keep old unused KSK in DNSKEY RRSet until revokation to minimize BIND logging regarding missing key.

22 May 2016: RRSIG expired due to 1 hour inability to get copy of root zone. Have made changes to use last known good copy.

16 May 2016: Delay KSK cutover one slot. Slight modification to schedule starting at 11:00 PDT in order to maintain separation of ZSK and KSK changes and thus simplify fallback. Based on 2013 KSK roll schedule

14 April 2016: At the suggestion of a user, I have duplicated the the IPv4 address for a.moot-servers.net to all others to make them answerable.

5 April 2016: Added KNOT Resolver (kresd) testing and howto.

11 March 2016: Done. Also added links to root.hints, upgraded Unbound, and other minor site updates.

3 March 2016: Will be upping the ZSK size from 1024 to 2048 bit on this test bed over the next few days for testing purposes

Rescheduled: 27 Sept 2015 at 0900 PDT: SSD replacement. Expect 1 hour outage.

7 Sept 2015 More memory, more processors, more power = more problems. LV PSU overload over weekend. Now fixed.

1 Sept 2015 Equipment upgrade happening TODAY. System may be down for short period. More memory, More processors. FINISHED 10:45PM PST

16 Aug 2015 Network equipment overheating. System kept running but routers did not. Fixed Sun Aug 16 20:40:37 PDT 2015.

1 Aug 2015 Note: Turned on some rate-limiting in router. Let me know if this limits your tests and I will fix.

29 July 2015 Wed Jul 29 19:43 UTC Conversion complete.

29 July 2015 NOTE: New root KSK rollover schedule proposed. I will be changing the rollover schedule on this site later today to match Extended Rickroll Final. I will attempt to make this seamless by using the existing key on the live system so that your resolvers should keep working. If they do not, update your key (e.g., unbound.root.key file) to the current one. Old key schedule here.

28 July 2015 NOTE: I will be doing some development work over the next 2 days at the request of KSK team members. I see a number of others relying on this system so I will do my best not to effect the current system but such work being what it is, you may see a reboot. System has been up since end of April 2015 and no failures seen on MSFT DNS or Unbound resolvers operating under accelerated 5011 timings.

Root server (NSD) Current state indicated by red block in first row. ~60 seconds per slot

Corresponding resolver config:
unbound.conf
root.hints Minimal:
.                        12  IN NS    A.MOOT-SERVERS.NET.
A.MOOT-SERVERS.NET.      12  IN A     192.101.186.81
A.MOOT-SERVERS.NET.      12  IN AAAA  2001:470:8165:1::81

Set initial unbound.root.key to:
.			12	IN	DNSKEY	257 3 8 AwEAAbPOgRmaDOJ6opfr83IdiQZfplxA9TfZChmAXg0Clh8cL8MnDZFK EMvtRkliutQ2s41/i8n4fcmK6jyydsWkK393GFBbr/wDeMYMVgSRSvJy bvI2P3+7eR5O6zbnHBA9RHBFFgb/0n3+lbFlFXJvBe8LbzTHjWPLuIdi oWAG4PIR/RtCqL5fRBGmmupSLWZTMKqQ+6hddgRZnUyh2OA4OVPxgW98 rCh3HCStnwOtQ7EA385CXTRZrxSS5i+ZY6VAsFs+7GKzF6wW0uf9fLv0 uTvDp3qptAx1OYbPIhGAlBx35KWyTts/PYXSuzeWboxxklvW7D3K84GX 8M9UkZtFc4U=
.			12	IN	DNSKEY	257 3 8 AwEAAfcjKs7IjdE+uVKGNF6VLoTaYGq+Ktu7nGAn+5bOZ5dJJHy9BQ2/ mvzxi8cU0ArjULr7cJuwRbUyCngp/eBPY+xtTCtUviBU3ply8P8hfXAg InG0/+F37WtjIypTJwUy6u0Q5CvdO1vbQXpb9xVWjsaYg3y2KIzt6GFB bE5W2zNjMTEn5wUp3p5hxG5Cuui3drPup9yq+Qet/9Y7G+L5pfKvkjVL mba6nSa+p91mTulTJKQm9ftCRpvyWoStPEUlqQr96w71hwhlKoObSTeI WBo9VJNfFsxnGZzy1k3aGhWNuNaUzJhq8UiAIfzIV/q7qbjlVqp79tEl zf9G8ctdq4c=
T+0T+10T+20T+30T+40T+50T+60T+70T+80T+0T+10T+20T+30T+40T+50T+60T+70T+80T+0T+10T+20T+30T+40T+50T+60T+70T+80
59865
20868208682086820868208682086820868208682086820868
0361503615036150361503615036150361503615036150361503615
59865598655986559865598655986559865598655986559865
20868
6451064510645106451064510645106451064510645106451064510645106451064510645106451064510645106451064510645106451064510645106451064510
4045040450404504045040450404504045040450404504045040450404504045040450404504045040450404504045040450404504045040450404504045040450
113911391139113911391139113911391414141411391139113911391139113911391414141414251425142514251425142514251139

Notes:

Public Faux Root Resolvers using above:


Copyright (c) 2015, 2016, 2017 RLamb
Permission to use, copy, modify, and/or distribute this software for non-commercial use without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies.
THE SERVICE AND SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SERVICE OR SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SERVICE OR SOFTWARE.