On Fri, 16 Jul 2010, Iljitsch van Beijnum wrote:
Too bad it doesn't work for me.
BIND's trust anchors are in DNSKEY format, but IANA publishes the root key
in DS format. You can fetch the root DNSKEY using dig, convert it into
a DS using BIND's dnssec-dsfromkey program and compare the result to the
published trust anchor to verify that you have the right DNSKEY before
adding it to BIND's configuration. There is a longer explanation of the
process at http://fanf.livejournal.com/107310.html
unbound requires trust anchors in DS format which is somewhat more
convenient, though you still have to edit IANA's XML to convert it into
master file format.
Tony.
--
f.anthony.n.finch <dot(_at_)dotat(_dot_)at> http://dotat.at/
MALIN HEBRIDES BAILEY: WESTERLY OR NORTHWESTERLY 5 TO 7, OCCASIONALLY GALE 8
BAILEY, BUT CYCLONIC 4 OR 5 FOR A TIME IN NORTH HEBRIDES. ROUGH OR VERY ROUGH.
RAIN OR SQUALLY SHOWERS. MODERATE OR GOOD, OCCASIONALLY POOR.
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf