Michael Sinatra <mich...@rancid.berkeley.edu> 2013-01-10 13:58:
On 1/10/13 12:17 PM, Brian Kroth wrote:
> It seems that zkt can do some of the "smart signing" (inclusion of appropriate ds and dnskey records) as well, though requires a different zone layout for me to be able to use it.

This only answers a small portion of your overall question, but one easy way to get a zonefile into the format that zkt wants is to use named-compilezone in the BIND distribution. named-compilezone (simply a different invocation of named-checkzone) also does sanity/syntax checking on the zone itself, so that's an added benefit.

When I worked at UC Berkeley, I used zkt for the signing and key management of hundreds of zones, and adding named-compilezone to all of the perl goo that manages zonefiles and builds them out from the backend database was really easy. Then all I had to do was let zkt do its magic. Some reasonable invocation of 'named-compilezone -F text' will work for this purpose.

michael

Yeah, we already do that (UW Madison CoE). The rest of it is reorganizing things into a hierarchical directory structure, which isn't that hard to do, but I didn't want to go through the effort if I could avoid it. Right now everything is just in one flat directory and since I never need to go look at things manually, I don't really care about how well it's organized. It also turns out to be more along the lines of what the smart signing dnssec-signzone option wants, but then I have to implement all of the key management policies on my own which is a pain to parse, code up, and automate according to RFC standards - which is what zkt seems to have done already (more or less).
So, did you use zkt to do the signing or just the key management? Mind sharing some of the details (if you still have them)?
Thanks, Brian
zkt-users mailing list
zkt-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/zkt-users