Pieter Lexis <pieter.lexis@powerdns.com> wrote: > On 3/28/19 11:01 AM, Michael StJohns wrote: >> >> I mostly agree with this, and would totally agree if we were >> completely 5011 based, but that's not the case. I think there needs >> to be an "interested parties" announcement even if this isn't >> announced widely. E.g. ISPs that do manual configuration on >> roll-their-own DNS resolvers etc. > Correct. PowerDNS Recursor also does not do (and probably will never > do) 5011. We ship the KSK TA's in the binary but are attempting to make > the OS vendors (Debian, RedHat etc.) "responsible" for providing this > data as they already do for the root server hints. So, one could have an rfc5011d that ran in parallel (or from cron) that updated the hints, and life would be okay for you? -- Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works -= IPv6 IoT consulting =-