root-anchor.xml & anchors.xml in Bind

[Lyle Giese]

OK I am confused a bit.  Can someone shed just a bit of light on this
for me?  (This is such a new topic not much is available in searches yet)

IANA put out anchors2keys python script and I have that working.  If I
include the resulting files into named.conf as an include,
named(9.7.1-P2) loads up but does not mention importing those keys, but
complains loudly if the file asked for in the include statement is not
there. That part is good, it appears to be reaching out and at least
reading the file and knows it's there. But did it import that data and
is named using it?  That is not answered quite so quickly.

Now I read with great interest the thread here about how to use the
root-anchor.xml.  Kalman Feher takes the root-anchor output from
anchors2keys as a trusted-key and changes it to a managed-key and then
imports into named's data.  Doing that results in named adding the . key
into it's managed keys zone files and you can see them in the *.mkeys files.

What is the difference between managed-keys and trusted-keys? 

And should I be importing anchors.xml as managed-keys instead of
trusted-keys?

Thanks,
Lyle Giese
LCR Computer Services, Inc.