On 08/20/2014 11:22 PM, David Conrad wrote: > On Aug 20, 2014, at 2:14 PM, Paul Wouters <[email protected]> wrote: >>>> has anyone come up with a daemon that updates "the trust anchor" (in the >>>> various configuration files in which it might be found) in the event of a >>>> root KSK roll? >>> You mean, something like autotrust? >>> <http://nlnetlabs.nl/projects/autotrust/> >> Which was obsoleted/folded into unbound which does it without other >> assistance now. > > Perhaps it might make sense to resurrect it for stuff like libval and > validating resolvers that don’t (or aren’t allowed to) do 5011?
>From the point we folded it into unbound, it has seen minor fixes. The standalone tool should still be functional. It even passed timed model-based conformance testing [1] :) Unbound's autotrust and the standalone tool are almost one to one. I guess it would take maybe an hour of work to incorporate the changes made in unbound back into the standalone tool. Best regards, Matthijs [1] http://www.cs.ru.nl/~julien/Julien_at_Nijmegen/rutz_bt.html > > Regards, > -drc >
