> Does anyone provide a zone with a trust anchor that is frequently rolled over in that way, just so that one can see whether it really works? Then one's feelings might be warmer and less fuzzy...
I looked at the DNSSEC section of the bind test suite (bind-9.9.0b2/bin/tests/system/dnssec) to see if a key rollover test is part of it. I didn't see that, but it may be elsewhere, as the test suite is pretty elaborate. The test suite does contain a simulated root server (ns1), so I bet that with a little ingenuity you could devise a key rollover test. _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users