On Tue, 2014-02-25 at 13:58 +0100, Petr Spacek wrote: > I'm sorry for not being clear. I don't insist on splitting it to > multiple > attributes as long as we are able to reconstruct BIND key files. > > "This is just one long string stored in normal idnsZone object." was > meant as > "we can re-use DNSKEY records as currently defined". > I personally favor using the defined DNSKEY records, as this is future proof. If the spec changes in future it will have to be backwards compatible, meaning we will be able to also follow the DNSSEC spec w/o major changes to our data.
Simo. -- Simo Sorce * Red Hat, Inc * New York _______________________________________________ Freeipa-devel mailing list Freeipafirstname.lastname@example.org https://www.redhat.com/mailman/listinfo/freeipa-devel