[ksk-change] How to tell which trust anchors are present at a DNS resolver.
Petr Spacek
pspacek at redhat.com
Wed Mar 25 09:00:25 UTC 2015
On 24.3.2015 22:55, Michael StJohns wrote:
>> Perhaps worth considering alternative proposals such as some kind of CHAOS
>> TXT query?
> Yuck.
I really dislike messing with IN class semantics and CH TXT either.
Why not use query . CH DS ?
Looking at BIND 9.11 sources, it seems that DS and DNSKEY are class-independent.
--
Petr Spacek @ Red Hat
More information about the ksk-rollover
mailing list