[dns-operations] "KSK-2017" appears
Dick Visser
dick.visser at geant.org
Wed Jul 12 13:22:24 UTC 2017
On 11 July 2017 at 15:06, Edward Lewis <edward.lewis at icann.org> wrote:
> $ dig . DNSKEY +dnssec @a.root-servers.net
I am somewhat confused about BIND9's 'dnssec-validation' option.
I read in various places that setting this to 'auto' will cause BIND
to fetch a new anchor using rc5011.
For instance https://www.isc.org/blogs/2017-root-key-rollover-what-does-it-mean-for-bind-users/
mentions:
"After it is running, BIND observes if there are new trust anchors
being introduced for the root, and downloads them and updates the
trust anchor database."
Does this happen in-memory?
At least I don't think any config files will be changed...?
thanks
--
Dick Visser
Sr. System & Network Engineer
GÉANT
Want to join us? We're hiring: https://www.geant.org/jobs
More information about the dns-operations
mailing list