Exercising RFC 5011 rollovers
Spain, Dr. Jeffry A.
spainj at countryday.net
Fri Nov 25 20:17:13 UTC 2011
> Does anyone provide a zone with a trust anchor that is frequently rolled
over in that way, just so that one can see whether it really works? Then
one's feelings might be warmer and less fuzzy...
I looked at the DNSSEC section of the bind test suite (bind-9.9.0b2/bin/tests/system/dnssec) to see if a key rollover test is part of it. I didn't see that, but it may be elsewhere, as the test suite is pretty elaborate. The test suite does contain a simulated root server (ns1), so I bet that with a little ingenuity you could devise a key rollover test.
More information about the bind-users