> I am trying to set up automatic KSK rollover with OpenDNSSEC. If I use > DelegationSignerSubmitCommand option > for starting my external program, I am missing any information about key > identifier relating to DNSKEY record, > that should be subsequently used for key ds-seen. Although there is > possibility to compute key_id manually, > this is not ideal approach due to ambiguity. It would be useful to add > CKA_ID in comment to DelegationSignerSubmitCommand > parameter (if required in configuration).
Yes, that is a drawback that you have to query the "key list" to get the CKA_ID of the key in the correct state when there are duplicate key tags. I have created a story about it: https://issues.opendnssec.org/browse/OPENDNSSEC-258 // Rickard _______________________________________________ Opendnssec-user mailing list Opendnssec-user@lists.opendnssec.org https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
