so the 

dnssec-debugger.verisignlabs.com showed my DS=20326/SHA-256 is now in the chain-of-trust



On Tue, Aug 15, 2017 at 7:36 PM, Sameka McNeil - NOAA Affiliate <sameka.s.mcneil@noaa.gov> wrote:
Could someone give me a hand. 

I added the new root KSK to my bind 9 configuration using the trusted-keys configuration.   

How to I know if its trusted and validated? 

Thank you for any assistance 

On Tue, Aug 15, 2017 at 4:47 PM, Evan Hunt <each@isc.org> wrote:
On Tue, Aug 15, 2017 at 07:54:55PM +0000, Paul Hoffman wrote:
> On Aug 10, 2017, at 2:03 PM, Evan Hunt <each@isc.org> wrote:
> > If you run a recent BIND, "rndc managed-keys status"
>
> That works in BIND 9.11.x; is there any equivalent for BIND 9.10.x, which
> is still much more prevalent in distros?

"rndc secroots" will dump a list of trusted keys, and the managed-keys.bind
file is readable and has comments that indicate whether trust is pending or
active for each key.

--
Evan Hunt -- each@isc.org
Internet Systems Consortium, Inc.
_______________________________________________
ksk-rollover mailing list
ksk-rollover@icann.org
https://mm.icann.org/mailman/listinfo/ksk-rollover




--
-- 
Sameka S. McNeil                                                                                                            
                                                                                                
                                                                                           




--
-- 
Sameka S. McNeil                                                                                                            
Phone: 301.628.5644                                                                                                  
Cell: 202.360.9428