BIND9 Security Root

Incorporate known DNSKEYs in caching server's named.conf
For the sec.jinmei.org's case:
from keyset-sec.jinmei.org.
(generated by dnssec-signzone)
    $ORIGIN .
    sec.jinmei.org          1200    IN DNSKEY 256 3 1 (
        AQPFuONIHno7h8VHc4Nuz7iVSC9NQiUx+8Wn
        zAuQiPtEblaVtWxUdHn3RnemJvDTiDVJv4pS
        k6dtiluTHiQIrROlEF7Xwx14FwH6j52fvNPJ
        Cj++UpVx2Fv/eCtheHOoBz0=";
        ) ; key id = 43015
to trusted-keys statement in named.conf
    trusted-keys {
       sec.jinmei.org 256 3 1 "AQPFuONIHno7h8VHc4Nuz7iVSC9NQiUx+8Wn
           zAuQiPtEblaVtWxUdHn3RnemJvDTiDVJv4pS
           k6dtiluTHiQIrROlEF7Xwx14FwH6j52fvNPJ
           Cj++UpVx2Fv/eCtheHOoBz0=";
    };