[ksk-change] How to tell which trust anchors are present at a DNS resolver.

Petr Spacek pspacek at redhat.com
Wed Mar 25 09:00:25 UTC 2015

On 24.3.2015 22:55, Michael StJohns wrote:
>> Perhaps worth considering alternative proposals such as some kind of CHAOS
>> TXT query?
> Yuck.

I really dislike messing with IN class semantics and CH TXT either.

Why not use query . CH DS ?

Looking at BIND 9.11 sources, it seems that DS and DNSKEY are class-independent.

Petr Spacek  @  Red Hat

More information about the ksk-rollover mailing list