[Opendnssec-user] Version 1.1.0 and KSK rollover logic

Tim Verhoeven tim.verhoeven.be at gmail.com
Tue Jul 6 20:04:47 UTC 2010


On Tue, Jul 6, 2010 at 5:31 PM, Pierre Lebrech
<pierre.lebrech at laposte.net> wrote:
> OK, good idea. But some parent zones holders check to see if the
> corresponding DNSKEY is present in the child zone before accepting
> DS records. I have DLV in mind... So in this scenario, DS records can
> not be submitted.
>

We ourselves (the .be zone) will also verify the DNSKEY if it is
present in the child zone before publishing the DS record. As is our
cousin zone .eu.

So this needs to be configurable behavior. Does anyone know what the
policy on this is by the root zone ?

Regards,
Tim

-- 
Tim Verhoeven - tim.verhoeven.be at gmail.com - 0479 / 88 11 83

Hoping the problem  magically goes away  by ignoring it is the
"microsoft approach to programming" and should never be allowed.
(Linus Torvalds)



More information about the Opendnssec-user mailing list