On 4/18/12 12:18 PM, Spain, Dr. Jeffry A. wrote:

>> ;; WARNING There is no DS for the zone: .
>> Isn't the "DS for the zone: ." what the "managed-keys" clause provides?
> 
> Now I think I see what you mean. It is my understanding that DS records exist 
> in parent zones and refer to child zones that are to be trusted. Thus there 
> is no DS record referring to the root zone, as it by definition has no 
> parent. The root trust anchor provided by managed-keys or dnssec-validation 
> serves the same purpose as this non-existent DS record. The warning above 
> makes sense in this context. Jeff.

Right - although the trust anchor is provided, it's not actually a DS
record, so you still get the warning...

Now on to research key rotation management...
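
The relationship discussed in this thread, as an added example that is not part of the original messages: a DS record is a digest over the child zone's owner name plus its DNSKEY RDATA (RFC 4034), normally published by the parent, and for the root the same key material has to be configured locally as a trust anchor because no parent exists to publish it. The function names and the 32-byte key are constructed for illustration, not real root key data.

```python
import hashlib
import struct

# Constructed sample public key bytes (NOT a real root KSK).
CONSTRUCTED_KEY = bytes(range(32))

def name_to_wire(name: str) -> bytes:
    """Canonical lowercase wire form of a name; the root '.' is one zero byte."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(flags: int, protocol: int, algorithm: int, key: bytes) -> bytes:
    """DNSKEY RDATA: flags (16 bit), protocol (8), algorithm (8), public key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + key

def key_tag(rdata: bytes) -> int:
    """Key tag as defined in RFC 4034, Appendix B."""
    acc = 0
    for i, b in enumerate(rdata):
        acc += (b << 8) if i % 2 == 0 else b
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def ds_from_dnskey(owner: str, flags: int, protocol: int, algorithm: int, key: bytes):
    """Return (key tag, algorithm, digest type, digest) using SHA-256 (type 2)."""
    rdata = dnskey_rdata(flags, protocol, algorithm, key)
    digest = hashlib.sha256(name_to_wire(owner) + rdata).hexdigest().upper()
    return (key_tag(rdata), algorithm, 2, digest)

if __name__ == "__main__":
    # Child zone: the parent would publish this as "example. IN DS ...".
    print("example. IN DS %d %d %d %s" % ds_from_dnskey("example.", 257, 3, 15, CONSTRUCTED_KEY))
    # Root: same computation, but no parent zone exists to hold the record,
    # so a validator must be given the key (or this digest) as a trust anchor.
    print(".        (anchor) %d %d %d %s" % ds_from_dnskey(".", 257, 3, 15, CONSTRUCTED_KEY))
```
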
