Re: where is the DNSSEC root key?
On Thu, Oct 04, 2012 at 03:10:01PM -0400, Chris Knadle wrote:
> Last I looked into this [which has admittedly been a while], Bind 9 was the
> only DNS server that had actually implemented DNSSEC, and the others I looked
> at (PowerDNS, djbdns, tinydns) had stated (IIRC) that they were /not/ going to
> be implementing it.
Obviously there are also recursive resolver implementations, like unbound. To
the client they look like DNS servers, too. (And you really want to use one of
them on your local machine to do the DNSSEC validation.)
Generally plain servers do not care about the key, it's just the recursive
resolvers that need it.
> The problem with this idea is that files installed by Debian packages must be
> unique in order to avoid file conflicts between packages. One way around this
> issue is via 'alternatives'. 
Alternatives don't make sense. A dedicated packages might make some.