> given that their respective administrators have > declared an intention to follow RFC 5011 if they ever roll over their > KSKs.
As you say "if they ever roll"; I'm not placing any money on that. ;-) > I could of course set up such a test zone and try to perform an RFC 5011 > rollover on it, using dnssec-revoke and/or the -R option of dnssec-settime, > meanwhile tracking it on another system via a managed-keys entry, but then > if it all went pear-shaped it might not be clear whether I had performed > the rollover correctly or not. I would gladly participate in such a test, if you need me. -JP _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users