Hello, On 7 Jan 2019, at 15:04, Rene 'Renne' Bartsch, B.Sc. Informatics via ksk-rollover wrote:
according to Simon Kelly RFC 5011 is not sufficient for automatic DNSSEC key updates and will not be implemented in Dnsmasq (https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/msg1244...).
As the majority of SoHo routers uses Dnsmasq as DNS resolver I suggest to address this problem by discussing a suitable solution with Simon Kelly and the IETF workgroups.
The message already describes the right solution. There is no work to be done here. Quoting from your URL: “anything running dnsmasq has net access, by definition, and really should have a method of doing automatic updates for security fixes, etc. As such it has a method of authentication put in place by the software providers, and that is the best way to update the root key.” Kind regards, -- Peter van Dijk PowerDNS.COM BV - https://www.powerdns.com/