On 1/10/13 12:17 PM, Brian Kroth wrote: > It seems that zkt can do some of the "smart signing" (inclusion of > appropriate ds and dnskey records) as well, though requires a different > zone layout for me to be able to use it.
This only answers a small portion of your overall question, but one easy way to get a zonefile into the format that zkt wants is to use named-compilezone in the BIND distribution. named-compilezone (simply a different invocation of named-checkzone) also does sanity/syntax checking on the zone itself, so that's an added benefit. When I worked at UC Berkeley, I used zkt for the signing and key management of hundreds of zones, and adding named-compilezone to all of the perl goo that manages zonefiles and builds them out from the backend database was really easy. Then all I had to do was let zkt do its magic. Some reasonable invocation of 'named-compilezone -F text' will work for this purpose. michael ------------------------------------------------------------------------------ Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS, MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft MVPs and experts. ON SALE this month only -- learn more at: http://p.sf.net/sfu/learnmore_122712 _______________________________________________ zkt-users mailing list zkt-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/zkt-users