[Opendnssec-user] Version 1.1.0 and KSK rollover logic
tim.verhoeven.be at gmail.com
Tue Jul 6 20:04:47 UTC 2010
On Tue, Jul 6, 2010 at 5:31 PM, Pierre Lebrech
<pierre.lebrech at laposte.net> wrote:
> OK, good idea. But some parent zones holders check to see if the
> corresponding DNSKEY is present in the child zone before accepting
> DS records. I have DLV in mind... So in this scenario, DS records can
> not be submitted.
We ourselves (the .be zone) will also verify the DNSKEY if it is
present in the child zone before publishing the DS record. As is our
cousin zone .eu.
So this needs to be configurable behavior. Does anyone know what the
policy on this is by the root zone ?
Tim Verhoeven - tim.verhoeven.be at gmail.com - 0479 / 88 11 83
Hoping the problem magically goes away by ignoring it is the
"microsoft approach to programming" and should never be allowed.
More information about the Opendnssec-user