On 6 jul 2010, at 22.12, Duane Wessels <[email protected]> wrote:
> The root zone also requires the DNSKEY to be present in the child zone. > > see > http://www.root-dnssec.org/wp-content/uploads/2010/05/draft-trust-anchor-procedure.pdf > > At the time of the trust anchor request, there must be a DNSKEY > that matches the DS record present in the child zone. This is not always true - if a zone wants to pre-publish a DS as part of a key rollover, it is possible to do that. One should be able to show that this introduces no harm though. / Jakob _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
