Exercising RFC 5011 rollovers
Jan-Piet Mens
jpmens.dns at gmail.com
Fri Nov 25 18:33:02 UTC 2011
> given that their respective administrators have
> declared an intention to follow RFC 5011 if they ever roll over their
> KSKs.
As you say "if they ever roll"; I'm not placing any money on that. ;-)
> I could of course set up such a test zone and try to perform an RFC 5011
> rollover on it, using dnssec-revoke and/or the -R option of dnssec-settime,
> meanwhile tracking it on another system via a managed-keys entry, but then
> if it all went pear-shaped it might not be clear whether I had performed
> the rollover correctly or not.
I would gladly participate in such a test, if you need me.
-JP
More information about the bind-users
mailing list