On Aug 20, 2014, at 2:14 PM, Paul Wouters <[email protected]> wrote: >>> has anyone come up with a daemon that updates "the trust anchor" (in the >>> various configuration files in which it might be found) in the event of a >>> root KSK roll? >> You mean, something like autotrust? >> <http://nlnetlabs.nl/projects/autotrust/> > Which was obsoleted/folded into unbound which does it without other > assistance now.
Perhaps it might make sense to resurrect it for stuff like libval and validating resolvers that don’t (or aren’t allowed to) do 5011? Regards, -drc
signature.asc
Description: Message signed with OpenPGP using GPGMail
