[Fwd: Outdated RIPE NCC Trust Anchors in Fedora Linux Repositories]

Paul Wouters paul at xelerance.com
Fri Feb 5 21:25:25 UTC 2010


On Sat, 6 Feb 2010, Mark Andrews wrote:

>> We (= me and Paul Wouters) are working on dnssec-conf update. Sorry
>> for troubles.

> The better thing would be a a script to fetch the current keys
> nightly, perform a sanity check, then update or inform the administator
> and let them update the keys after inspection.  I do something like
> this myself nightly.

With the current success of the DLV, and the root zone deployment half
a year away, it is not really required anymore. I think it is much better
to get rid of all trust anchors apart from the ISC DLV key.

Paul



More information about the bind-users mailing list