0N/ACopyright (C) 2015, 2016 Internet Systems Consortium, Inc. ("ISC")
0N/AThis Source Code Form is subject to the terms of the Mozilla Public
0N/ALicense, v. 2.0. If a copy of the MPL was not distributed with this
0N/AThis is for testing managed-keys, in particular with problems
0N/Awith RFC 5011 Automated Updates of DNSSEC Trust Anchors.
0N/Ans1 is the root server that offers new KSKs and hosts one record for
0N/Atesting. The TTL for the zone's records is 2 seconds.
0N/Ans2 is a validator that uses managed-keys. "-T mkeytimers=2/20/40"
0N/Ais used so it will attempt do automated updates frequently. "-T tat=1"
0N/Ais used so it will send TAT queries once per second.
0N/Ans3 is a validator with a broken key in managed-keys.
0N/A- initial working KSK
0N/ATODO: test using delv with new trusted key too
0N/A- introduce a REVOKE bit
0N/A- later remove a signature
0N/A- corrupt a signature
0N/ATODO: also same things with dlv auto updates of trust anchor