Full DNSSEC support
- Enable DNSSEC support in validating resolvers
- Prime validating resolvers with DNSSEC keys
- Provide way how to update DNSSEC trust anchors.
- In Debian, there are two DNSSEC aware resolvers:
- Trust anchors:
- Update trust anchors
- Does Debian need its own TAR? (Probably.)
- How to update trust anchors in old_stable, so the validation doesn't break?
- Trust anchors are probably material for volatile? (It will improve with Root getting signed.)
Do we support DLV? (Rather not by default.)
Fedora has nice project page about DNSSEC. Almost everything there applies to Debian as well.