--- Begin Message ---
Matthew,
> Given that having a standby key is a standard (and probably good!) practice,
> should Zonemaster perhaps classify this as less of a problem, maybe as a
> "warning"?
>
> Obviously there needs to be at least one KSK signing the DNSKEYs...
[AM] Good point. I'll talk to the zonemaster team, and find out whether we can
change that reporting aspect. I'm not sure zonemaster is capable of doing more
complicated / inter-dependend levels (such as "ERROR", unless there's other DS
chains that validate, then "WARNING")..
Best,
Alex
--- End Message ---
_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
