[ksk-change] How to tell which trust anchors are present at a DNS resolver.

Petr Spacek pspacek at redhat.com
Wed Mar 25 09:00:25 UTC 2015


On 24.3.2015 22:55, Michael StJohns wrote:
>> Perhaps worth considering alternative proposals such as some kind of CHAOS
>> TXT query?
> Yuck.

I really dislike messing with IN class semantics and CH TXT as well.

Why not use query . CH DS ?

Looking at BIND 9.11 sources, it seems that DS and DNSKEY are class-independent.

-- 
Petr Spacek  @  Red Hat

