Re: where is the DNSSEC root key?
> However since all DNS servers are generally meant to use port 53, I
> think it's unlikely to install more than one DNS server locally, so
> I'm not sure if doing this makes sense from a packaging perspective.
> [I can see how it does from an administration perspective.]
It's actually not uncommon to run, e.g., rbldnsd on a nonstandard port,
and a full nameserver on port 53, which forwards queries to it. Now
that's not directly related, as rbldnsd will never need to know the
DNSSEC root keys ... but I'm just saying. It is quite possible that
somebody will want to run a recursive nameserver and an authoritative
nameserver, different packages, on the same host. I wouldn't bother
with that, mind you.