[Fwd: Outdated RIPE NCC Trust Anchors in Fedora Linux Repositories]
Paul Wouters
paul at xelerance.com
Fri Feb 5 21:25:25 UTC 2010
On Sat, 6 Feb 2010, Mark Andrews wrote:
>> We (= me and Paul Wouters) are working on dnssec-conf update. Sorry
>> for troubles.
> The better thing would be a a script to fetch the current keys
> nightly, perform a sanity check, then update or inform the administator
> and let them update the keys after inspection. I do something like
> this myself nightly.
With the current success of the DLV, and the root zone deployment half
a year away, it is not really required anymore. I think it is much better
to get rid of all trust anchors apart from the ISC DLV key.
Paul
More information about the bind-users
mailing list