Scripts for zsk rollover in 9.7

[Evan Hunt]

> So before I go rolling my own perl solution to read the
> metadata out of the keyfiles and do the ZSK rolls, are
> there any utilities that do this in 9.7. It looks like when
> a zsk expires, bind's auto-signing will just drop it from
> the zone.

I recommend that you not set an expiration date for any key
until you have created its successor.

We have plans to improve this in 9.7.x (where x probably equals 1)
in a couple of ways: first, by making it possible to assign each key
an explicit successor key and warn the user if a key is set to expire
without a successor; second, by making it possible to configure
named itself to generate new keys.

-- 
Evan Hunt -- each at isc.org
Internet Systems Consortium, Inc.