Frank Lampard has urged the FA to severely punish the fans who assault players, having suffered similar attacks like Aston Villa midfielder Jack Grealish back in his playing days.Villa midfielder Jack Grealish was punched from behind by a Birmingham fan in the Second City derby on Sunday.However, the pitch invader will serve a 14-week jail sentence as the punishment for his offence.Hold my beer, I’m gonna run on the pitch and punch Jack Grealish in the face pic.twitter.com/PxrNKCbF5r— Hold My Beer (@HoIdMyBeer_) March 11, 2019Former Chelsea midfielder Lampard who narrowly escaped a punch from a Spurs fan in the Blues 2-1 victory at White Hart Lane feels more should be done to avoid a future occurrence.“It’s an unfortunate part of being in the public eye or playing a sport in public, it shouldn’t be,” said Lampard via Sky Sports.Frank Lampard admits Chelsea may struggle for top-six spot Andrew Smyth – September 14, 2019 Chelsea manager Frank Lampard couldn’t offer any guarantees on a top-six finish this season due to the strong competition.“I hope players are not playing with a fear of this happening again. We’re all aware of it and have been for many years.“I didn’t like the experience. You have to deal with it. The stamping out thing is how you deal with it and how strong you are. I think we’re very lenient sometimes.”Grealish revealed he was lucky the supporter had no weapon, suggesting the outcome would have been worse.The Grealish incident reminds me of a certain Spurs fan trying to punch Lampard. pic.twitter.com/Pdm0GLL3Kb— Scott (@KepaBall) March 10, 2019Lampard admits it remains an “obvious fear” going forward.“Maybe this could be a shock to the system to stop that more dangerous thing happening in the future,” he added.
On Thursday, October 11, 2018, at 16:00 UTC, ICANN will change the cryptographic key that is at the center of the DNS security system- what is called DNSSEC. The current key has been in place since July 15, 2010. This switching of the central security key for DNS is called the “Root Key Signing Key (KSK) Rollover”. The above replacement was originally planned a year back. The procedure was previously postponed because of data that suggested that a significant number of resolvers where not ready for the rollover. However, the question is ‘Are your systems prepared so that DNS will keep functioning for your networks?’ DNSSEC is a system of digital signatures to prevent DNS spoofing. Maintaining an up-to-date KSK is essential to ensuring DNSSEC-validating DNS resolvers continue to function following the rollover. If the KSK isn’t up to date, the DNSSEC-validating DNS resolvers will be unable to resolve any DNS queries. If the switch happens smoothly, users will not notice any visible changes and their systems will work as usual. However, if their DNS resolvers are not ready to use the new key, users may not be able to reach many websites! That being said, there’s good news for those who have been keeping up with recent DNS updates. Since this rollover was delayed for almost a year, most of the DNS resolver software has been shipping for quite some time with the new key. Users who have been up to date with this news will have their systems all set for this change. If not, we’ve got you covered! But first, let’s do a quick background check. As of today, the root zone is still signed by the old KSK with the ID 19036 also called KSK-2010. The new KSK with the ID 20326 was published in the DNS in July 2017 and is called KSK-2017. The KSK-2010 is currently used to sign itself, to sign the Root Zone Signing Key (ZSK) and to sign the new KSK-2017. The rollover only affects the KSK. The ZSK gets updated and replaced more frequently without the need to update the trust anchor inside the resolver. Source: Suse.com You can go ahead and watch ICANN’s short video to understand all about the switch Now that you have understood all about the switch, let’s go through all the checks you need to perform #1 Check if you have the new DNSSEC Root Key installed Users need to ensure they have the new DNSSEC Root key ( KSK-2017) has Key ID 20326. To check this, perform the following: – bind – see /etc/named.root.key- unbound / libunbound – see /var/lib/unbound/root.key- dnsmasq – see /usr/share/dnsmasq/trust-anchors.conf- knot-resolver – see /etc/knot-resolver/root.keys There is no need for them to restart their DNS service unless the server has been running for more than a year and does not support RFC 5011. #2 A Backup plan in case of unexpected problems The RedHat team assures users that there is very less probability of occurrence of DNS issues. Incase they do encounter a problem, they have been advised to restart their DNS server. They can try to use the dig +dnssec dnskey. If all else fails, they should temporarily switch to a public DNS operator. #3 Check for an incomplete RFC 5011 process When the switch happens, containers or virtual machines that have old configuration files and new software would only have the soon to be removed DNSSEC Root Key. This is logged via RFC 8145 to the root name servers which provides ICANN with the above statistics. The server then updates the key via RFC 5011. But there are possibilities that it shuts down before the 30 day hold timer has been reached. It can also happen that the hold timer is reached and the configuration file cannot be written to or the file could be written to, but the image is destroyed on shutdown/reboot and a restart of the container that does not contain the new key. RedHat believes the switch of this cryptographic key will lead to an improved level of security and trust that users can have online! To know more about this rollover, head to RedHat’s official Blog. Read Next What Google, RedHat, Oracle, and others announced at KubeCon + CloudNativeCon 2018 Google, IBM, RedHat and others launch Istio 1.0 service mesh for microservices Red Hat infrastructure migration solution for proprietary and siloed infrastructure