Hello, draft-ietf-dnsop-kskroll-sentinel-00 is now implemented in Knot Resolver version 2.0.0 [1] which was released today, and it is enabled by default.
Other implementers might be interested in Deckard [2] tests [3] we have for this feature. The Deckard framework also works with Unbound and PowerDNS Recursor, so you might be able to use them directly once you have code to support the sentinel feature. Please do not hesitate to contact me if you have any question. Petr Špaček @ CZ.NIC P.S. Version 2.0.0 also has implementation of RFC 8198. [1] Knot Resolver https://www.knot-resolver.cz/ https://www.knot-resolver.cz/2018-01-31-knot-resolver-2.0.0.html [2] Deckard README https://gitlab.labs.nic.cz/knot/deckard/blob/master/README.rst [3] Deckard tests for IETF draft version 00 https://gitlab.labs.nic.cz/knot/deckard/blob/master/sets/resolver/val_ta_sentinel.rpl https://gitlab.labs.nic.cz/knot/deckard/blob/master/sets/resolver/val_ta_sentinel_insecure.rpl https://gitlab.labs.nic.cz/knot/deckard/blob/master/sets/resolver/val_ta_sentinel_nokey.rpl _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
