Le 4 mars 2025 à 08:31, Mike Wright <knot_at_lists_theorb_net_48qbhjm2vj0347_9f4bab04@icloud.com> a écrit :

On 3/3/25 23:18, Vladimír Čunát wrote:

Hello.
On 04/03/2025 08.00, Mike Wright wrote:

I've found this warning in my journal:

... kresd[1071788]: [taupd ] you need to update package with trust anchors in "/usr/share/dns/root.key" before it breaks

I don't know how to do that.

I think my system is current but just ran: apt update; apt list --upgradable and it shows nothing regarding knot. 

First of all, ICANN is super-careful, so there's no need to panic (yet).  I read that they don't plan to sign with the new key before October 2026:
https://lists.icann.org/hyperkitty/list/root-dnssec-announce@icann.org/message/YRBAIAU5YI3FGGUY3YKNM4HLVCVLFXMA/
As I see you mentioning `apt`, I think this update is exactly what is needed
https://tracker.debian.org/news/1603458/accepted-dns-root-data-2024071801deb12u1-source-into-proposed-updates/
and incarnations of that in various versions of Debian, Ubuntu and other derivatives.  I really hope that a well-maintained distro couldn't miss to update this.
--Vladimir

Thank you, Vladimir.

Now that I know the package name I did:

 # apt install dns-root-data -y
 ...
 dns-root-data is already the newest version (2024041801~deb12u1).

I can quit panicking about this and get back to panicking about all the other things going on ;D

Mike Wright
--