On Jul 6, 2010, at 1:04 PM, Tim Verhoeven wrote: > So this needs to be configurable behavior. Does anyone know what the > policy on this is by the root zone ?
The root zone also requires the DNSKEY to be present in the child zone. see http://www.root-dnssec.org/wp-content/uploads/2010/05/draft-trust-anchor-procedure.pdf At the time of the trust anchor request, there must be a DNSKEY that matches the DS record present in the child zone. DW_______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
