Hi Luveh,

The draft you cited is quite old, but of course still accurate.
We are a group of people working on a technic called multi-signer which solves the problem.
For this we have been able to get support into PowerDNS and Bind and are actively working with the Knot Team for support.
Please find details at https://github.com/DNSSEC-Provisioning
There is a software implementation (although only very rudimentary) a draft and a project description with a collection of needed capabilities.

Kind regards

/Ulrich


On 27 Oct 2021, at 17:28, Luveh Keraph <1.41421@gmail.com> wrote:

There is an Internet draft (https://datatracker.ietf.org/doc/html/draft-koch-dnsop-dnssec-operator-change-06) that describes a mechanism to facilitate the operation consisting of changing the DNS delegation for a signed DNS zone. Since this is a draft, I do not expect for Knot to provide support for it already (in fact, I know it does not, for it involves signing a DNSKEY RR, which Knot does not do) but I wonder whether this is something that is in Knot's roadmap?
--
https://lists.nic.cz/mailman/listinfo/knot-dns-users