On Mon, 12 Mar 2012, Miek Gieben wrote:

active    2012-03-12 11:05:08 (retire)   1024    8    c842110e1409d9f6289c5ff5fe793b61  AEP    4450
publish   2012-03-12 10:05:10 (ready)    1024    8    382ffeea9db6a814d0a573717232a707  AEP    37491

1) Leading zeroes

When trying to sign with both bind and opendnssec, some conversions need
to happen. We need to grab the current KSK and ZSK from where, so we can
run dnssec-keyfromlabel. Since we are dealing with filenames generated
based on keytag and algorithm, there is this annoying issue with leading
zeros for both the key tag and the algorithm. Could opendnssec print
leading in this screen?

Huh? What exactly is the problem here? I just use the CKA_ID in
dnssec-keyfromlabel and that works very nicely.

I don't parse the output of dnssec-keyfromlabel, as I "know" what the
Kfile name will be, based on keytag and algo. That also ensures that I
am using the algo and key options I think I am, and that it will fail
to include a wrong key if some bit flips and the keytag would change.
(such as changing an nsec3 optin flag :)

(other people might prefer to read a load of xml from /etc/opendnssec/
 but that's exactly why my script is 20 lines and ods4bind is several
hundred lines :)

Paul
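
Added example, not part of the original message and not Paul's script: a POSIX shell sketch of the check described above, predicting the K file base name from the algorithm and keytag columns and refusing a key whose name differs. The zone name example.com, the assumed column layout and all function names are constructed for illustration.

```shell
#!/bin/sh
# Predict the BIND key file base name (K<zone>.+<alg>+<keytag>) from a row of
# the key listing quoted above, then compare it with the name a tool reported.

# dec N: accept digits only and strip leading zeros, because printf %d would
# otherwise read a padded value such as "008" as (invalid) octal.
dec() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    n=$(printf '%s' "$1" | sed 's/^0*//')
    printf '%s' "${n:-0}"
}

# expected_kfile ZONE ALG KEYTAG: algorithm padded to 3 digits, keytag to 5.
expected_kfile() {
    zone=${1%.}                       # tolerate a trailing dot on the zone
    alg=$(dec "$2") || return 1
    tag=$(dec "$3") || return 1
    [ "$alg" -le 255 ] && [ "$tag" -le 65535 ] || return 1
    printf 'K%s.+%03d+%05d\n' "$zone" "$alg" "$tag"
}

# kfile_from_row ZONE ROW: assumed column layout (taken from the excerpt):
# state date time (next-state) size algorithm CKA_ID repository keytag
kfile_from_row() {
    set -- "$1" $(printf '%s\n' "$2" | awk 'NF >= 9 { print $6, $NF }')
    [ $# -eq 3 ] || return 1
    expected_kfile "$1" "$2" "$3"
}

# check_kfile EXPECTED ACTUAL: fail loudly instead of including a wrong key.
check_kfile() {
    [ "$1" = "$2" ] && return 0
    echo "key file mismatch: expected $1, got $2" >&2
    return 1
}

# Constructed demo input: the two rows from the listing, zone name assumed.
while read -r row; do
    kfile_from_row example.com "$row"
done <<'EOF'
active    2012-03-12 11:05:08 (retire)   1024    8    c842110e1409d9f6289c5ff5fe793b61  AEP    4450
publish   2012-03-12 10:05:10 (ready)    1024    8    382ffeea9db6a814d0a573717232a707  AEP    37491
EOF
```

ACTUAL in check_kfile is meant to be the base name printed by dnssec-keyfromlabel when it is given the CKA_ID as label.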