Co-author of RFC 4641 a BCP (Best Current Practice) for DNSSEC operations. This was written together with Olaf Kolkman.
At the time I was employed at NLnet Labs
This RFC gives guidelines on how to setup secure zones in a world with DNSSEC. It also gives pointers for public and private key handling and deals with the key lengths and how to handle key rollovers.