manage managed-keys?

[Evan Hunt]

> BTW, does bind keep track of a trust anchor history, i.e. the chain from
> the configured initial key to the now current TA? Or does it just keep
> the 'last known good'?

When a key expires, it's presumably going to be revoked first, then
eventually removed from the zone.  When it disappears, BIND starts a 30-day
timer.  At the end of that time, if the key hasn't reappeared, it's purged
from the managed-keys database.

-- 
Evan Hunt -- each at isc.org
Internet Systems Consortium, Inc.