[Opendnssec-user] Version 1.1.0 and KSK rollover logic
Duane Wessels
dwessels at verisign.com
Tue Jul 6 20:12:53 UTC 2010
On Jul 6, 2010, at 1:04 PM, Tim Verhoeven wrote:
> So this needs to be configurable behavior. Does anyone know what the
> policy on this is by the root zone ?
The root zone also requires the DNSKEY to be present in the child zone.
see http://www.root-dnssec.org/wp-content/uploads/2010/05/draft-trust-anchor-procedure.pdf
At the time of the trust anchor request, there must be a DNSKEY
that matches the DS record present in the child zone.
DW
More information about the Opendnssec-user
mailing list