[ksk-rollover] new root trust anchor confirmation
Wessels, Duane
dwessels at verisign.com
Thu Aug 10 18:03:42 UTC 2017
> On Aug 10, 2017, at 9:57 AM, Daisuke HIGASHI <daisuke.higashi at gmail.com> wrote:
>
> Is there any method to confirm that my validator has accepted new
> root KSK trust anchor and can actually validates with new TA before 11
> Oct?
In general, no.
If you happen to run a recent unbound you could query your validator for
trustanchor.unbound CH TXT
>
> Any test records signed with _only_ new KSK in root zone?
This doesn't work. Such a record would validate even if your trust anchor didn't get updated.
DW
More information about the ksk-rollover
mailing list