sdns
sdns copied to clipboard
RFC 5011 support
RFC 5011: Automated Updates of DNS Security (DNSSEC) Trust Anchors
is an RFC that tells you how to detect a root (KSK) key rollover happens and how to update your currently configured root-anchor.
I haven't implemented this myself, but it would be a nice addition.
I read the RFC before and exactly it's very useful and necessary here. I will check technical details again in RFC about this.
Hey Miek,
I added the auto trust anchors support on last commit. I read on ICANN, new KSK rollover soon. I made test server for root zone for all rollover states. This update successfully update trust anchors as described 5011 on my tests.
Thanks for your support.