On Tue, 2014-02-25 at 13:58 +0100, Petr Spacek wrote:
> I'm sorry for not being clear. I don't insist on splitting it to
> attributes as long as we are able to reconstruct BIND key files.
> "This is just one long string stored in normal idnsZone object." was
> meant as
> "we can re-use DNSKEY records as currently defined".
I personally favor using the defined DNSKEY records, as this is future
proof. If the spec changes in future it will have to be backwards
compatible, meaning we will be able to also follow the DNSSEC spec w/o
major changes to our data.
Simo Sorce * Red Hat, Inc * New York
Freeipa-devel mailing list