sdns icon indicating copy to clipboard operation
sdns copied to clipboard

Published 20 hours ago verified publisher icon semihalev

RFC 5011 support

Open miekg opened this issue 5 years ago • 1 comments

RFC 5011: Automated Updates of DNS Security (DNSSEC) Trust Anchors

is an RFC that tells you how to detect a root (KSK) key rollover happens and how to update your currently configured root-anchor.

I haven't implemented this myself, but it would be a nice addition.

miekg avatar Oct 20 '18 13:10 miekg

I read the RFC before and exactly it's very useful and necessary here. I will check technical details again in RFC about this.

semihalev avatar Oct 20 '18 13:10 semihalev

Hey Miek,

I added the auto trust anchors support on last commit. I read on ICANN, new KSK rollover soon. I made test server for root zone for all rollover states. This update successfully update trust anchors as described 5011 on my tests.

Thanks for your support.

semihalev avatar Aug 03 '23 10:08 semihalev