root-anchor.xml & anchors.xml in Bind

Alan Clegg aclegg at isc.org
Sat Jul 17 14:20:10 UTC 2010


On 7/17/2010 9:49 AM, Lyle Giese wrote:

> What is the difference between managed-keys and trusted-keys? 

Managed keys automatically watch for RFC-5011 "roll over" and update
when new keys are made available.  Trusted keys are manually managed and
will cause you to have problems if you forget to change a key during key
rollovers.

> And should I be importing anchors.xml as managed-keys instead of
> trusted-keys?

I'm recommending managed-keys.

AlanC

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 260 bytes
Desc: OpenPGP digital signature
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20100717/4e0bb5e4/attachment.bin>


More information about the bind-users mailing list