> Though I am still curious about this from the end of sigchase output: > Launch a query to find a RRset of type DS for zone: . > ;; NO ANSWERS: no more > ;; WARNING There is no DS for the zone: . > Isn't the "DS for the zone: ." what the "managed-keys" clause provides?
Now I think I see what you mean. It is my understanding that DS records exist in parent zones and refer to child zones that are to be trusted. Thus there is no DS record referring to the root zone, as it by definition has no parent. The root trust anchor provided by managed-keys or dnssec-validation serves the same purpose as this non-existent DS record. The warning above makes sense in this context. Jeff. _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users