In message <aanlktik1cd0xkearue2brdkxpnb6cvyz4zn-qvuv9...@mail.gmail.com>, itse rvices88 writes: > > I heard that root zone will be signed (or is already signed), so what > changes would be required with respect to the current additions of adding > dlv.isc.org as trust anchor and its associated trusted key ? Do we need to > keep the isc dlv ? or add a new key for the root ? > > Thanks > -dani
When the signed root goes operational you should add a managed trusted key for it as I believe that the root will be following the rules in RFC 5011. Managed trusted keys were introduced in BIND 9.7.0. You will still need to use DLV for the parts of the tree which are not connected to the root. The root's trust anchors will be added to DLV so there is no need to rush to do this. As far as DLV is concerned the root is just another zone. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users