[Opendnssec-user] Version 1.1.0 and KSK rollover logic
dwessels at verisign.com
Tue Jul 6 20:12:53 UTC 2010
On Jul 6, 2010, at 1:04 PM, Tim Verhoeven wrote:
> So this needs to be configurable behavior. Does anyone know what the
> policy on this is by the root zone ?
The root zone also requires the DNSKEY to be present in the child zone.
At the time of the trust anchor request, there must be a DNSKEY
that matches the DS record present in the child zone.
More information about the Opendnssec-user