1# The bind.keys file is used to override the built-in DNSSEC trust anchors 2# which are included as part of BIND 9. The only trust anchors it contains 3# are for the DNS root zone ("."). Trust anchors for any other zones MUST 4# be configured elsewhere; if they are configured here, they will not be 5# recognized or used by named. 6# 7# To use the built-in root key, set "dnssec-validation auto;" in the 8# named.conf options, or else leave "dnssec-validation" unset. If 9# "dnssec-validation" is set to "yes", then the keys in this file are 10# ignored; keys will need to be explicitly configured in named.conf for 11# validation to work. "auto" is the default setting, unless named is 12# built with "configure --disable-auto-validation", in which case the 13# default is "yes". 14# 15# This file is NOT expected to be user-configured. 16# 17# Servers being set up for the first time can use the contents of this file 18# as initializing keys; thereafter, the keys in the managed key database 19# will be trusted and maintained automatically. 20# 21# These keys are current as of Mar 2019. If any key fails to initialize 22# correctly, it may have expired. In that event you should replace this 23# file with a current version. The latest version of bind.keys can always 24# be obtained from ISC at https://www.isc.org/bind-keys. 25# 26# See https://data.iana.org/root-anchors/root-anchors.xml for current trust 27# anchor information for the root zone. 28 29trust-anchors { 30 # This key (20326) was published in the root zone in 2017. 31 . initial-key 257 3 8 "AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3 32 +/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kv 33 ArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF 34 0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+e 35 oZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfd 36 RUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwN 37 R1AkUTV74bU="; 38}; 39