Hi, The extra white space is just a redundant separation of a long hex string. You can ignore it.
Daniel On 8/31/21 11:49 AM, mj wrote: > Hi, > > We have a (hopefully last) follow-up question on the knot-generated dnssec > keys for our domain. > > Our policy is is set to algorithm: ECDSAP256SHA256. Upon knot start, knot > generates the key: > >> knotd[25835]: info: [company.com.] DNSSEC, key, tag 54011, algorithm >> ECDSAP256SHA256, KSK, public, ready, active+ >> knotd[25835]: info: [company.com.] DNSSEC, key, tag 49404, algorithm >> ECDSAP256SHA256, public, active >> knotd[25835]: info: [company.com.] DNSSEC, signing started > > Then we query the DS key to be published, the result is: > >> keymgr company.com ds >> company.com. DS 54011 13 2 >> f0892debae240caa01827becdd3d3cb0ef2512f5691ca525895777571a67e680 >> company.com. DS 54011 13 4 >> 462211ea3e8d3ea19a2ae803b926af8df851369527879911318f59ff72973a72452e3f29265c339c6a61537a778c43da > > > Now the question. In most (if not all?) docs we read on the subject, the DS > key looks something like: > >> knot-dns.cz. 3600 IN DS 54959 13 2 >> 268DE6EB7E0630953B8AF0F0037BF68FD10443BF01B5E17805AF94C2 6921897D > or >> dnssec-tools.org. 21600 IN DS 9638 13 2 >> 92551AA25C4ADE8E2882FBF4BEB5B54F9D84379B153848852B68BB3C 793F4B0B > > note the spaces at the end of the key string. > > Our knot-generated DS key does not have a space in it. > > Is something wrong? Do we need to add a space somewhere, or..? > > Thanks again in advance for providing insight :-) > > MJ -- https://lists.nic.cz/mailman/listinfo/knot-dns-users