Tony. -- f.anthony.n.finch <dot@dotat.at> http://dotat.at
On 10 Aug 2017, at 21:03, Wessels, Duane via ksk-rollover <ksk-rollover@icann.org> wrote:
On Aug 10, 2017, at 9:57 AM, Daisuke HIGASHI <daisuke.higashi@gmail.com> wrote:
Is there any method to confirm that my validator has accepted new root KSK trust anchor and can actually validates with new TA before 11 Oct?
In general, no.
If you happen to run a recent unbound you could query your validator for trustanchor.unbound CH TXT
And for recent BIND, use `rndc managed-keys status` or for less recent BIND use `rndc secroots` (which dumps to named.secroots in the server's working directory instead of stdout). The new key should start being trusted about now, since it is 30 days after publication :-) Tony. -- f.anthony.n.finch <dot@dotat.at> http://dotat.at