root-anchor.xml & anchors.xml in Bind
Lyle Giese
lyle at lcrcomputer.net
Sat Jul 17 16:12:16 UTC 2010
Alan Clegg wrote:
> On 7/17/2010 9:49 AM, Lyle Giese wrote:
>
>
>> What is the difference between managed-keys and trusted-keys?
>>
>
> Managed keys automatically watch for RFC-5011 "roll over" and update
> when new keys are made available. Trusted keys are manually managed and
> will cause you to have problems if you forget to change a key during key
> rollovers.
>
>
>> And should I be importing anchors.xml as managed-keys instead of
>> trusted-keys?
>>
>
> I'm recommending managed-keys.
>
> AlanC
>
>
>
Then why was anchors2keys written to create only trusted-keys?<GRIN>?
It doesn't look hard to modify the script, but there appears to be
subtle differences in syntax between the two data types.
Or better yet, make it a runtime option in anchors2keys to create
managed keys or trusted keys data set.
Lyle Giese
LCR Computer Services, Inc.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20100717/8182997e/attachment.html>
More information about the bind-users
mailing list