Hi Brian,

I've been exploring various dnssec key management tools out there of
late and ran across this one, which I think is my favorite so far.
Sounds good.

I say "key management", since originally, my intention was just to find
something that would help me in doing the key rollover and lifetime
selection and setting for the standard bind9 dnssec-keygen tool, dump
those all in the same directory (the key repository if you will) and
then I was just going to use dnssec-signzone -S "smart signing" to have
it use the timestamp values in those keys to figure out which DNSKEY
entries and DS entries to include.
I haven't checked it myself, but maybe DSKM [1] fulfills your needs.


It seems that zkt can do some of the "smart signing" (inclusion of
appropriate ds and dnskey records) as well, though requires a different
zone layout for me to be able to use it.
You have to $INCLUDE dnskey.db, and if you like to use an SOA serial format of yyymmddnnn, then the SOA record needs a special layout.

My question was whether the two methods are compatible (looks to be not
since the comment headers are different and the zkt-signer.c source
specifically includes the -C compatibility option for newer
dnssec-keygen bind9 tools), OR if there's any intention to make zkt make
use of the smart signing stuff and that key format in the future?
First of all, yes, you are right. ZKT was implemented at a time when BIND was not able to sign the zone automatically. With BIND 9.7, and moreover since the very cool inline signing feature of BIND 9.9, the resigning of the zone should be done by BIND itself.

I am thinking about a new ZKT version with the primary use of key rollover, but it requires a lot of re-coding and, to be honest, I don't have the resources to do it right now.

Best regards

[1] https://github.com/mc3/DSKM
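
Added illustration, not part of the original message and not code from ZKT, DSKM or BIND: a sketch of the timing-driven key selection the thread calls "smart signing", reading the timestamp comments in a key file and classifying the key at a given moment. The header layout, the sample key, the state names and the simplified decision order are assumptions made for this example.

```python
import re
from datetime import datetime, timezone

# Constructed sample in the style of the header comments dnssec-keygen
# (BIND 9.7+) writes into a .key file. Key data is a placeholder.
SAMPLE_KEY = """\
; This is a zone-signing key, keyid 11111, for example.com.
; Created: 20130101000000 (Tue Jan  1 00:00:00 2013)
; Publish: 20130101000000 (Tue Jan  1 00:00:00 2013)
; Activate: 20130201000000 (Fri Feb  1 00:00:00 2013)
; Inactive: 20130501000000 (Wed May  1 00:00:00 2013)
; Delete: 20130601000000 (Sat Jun  1 00:00:00 2013)
example.com. IN DNSKEY 256 3 8 PLACEHOLDERKEYDATA
"""

_TIMING = re.compile(
    r"^;\s*(Created|Publish|Activate|Revoke|Inactive|Delete):\s*(\d{14})\b",
    re.M,
)

def parse_timing(key_text):
    """Return {field: aware UTC datetime} for each timing comment present."""
    return {
        name: datetime.strptime(stamp, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)
        for name, stamp in _TIMING.findall(key_text)
    }

def key_state(key_text, now):
    """Classify a key at time `now` (hypothetical state names, simplified rules)."""
    t = parse_timing(key_text)

    def reached(field):
        # A missing field is treated as "never happens".
        return field in t and t[field] <= now

    if reached("Delete"):
        return "removed"            # DNSKEY no longer belongs in the zone
    if not reached("Publish"):
        return "unpublished"        # generated, but not yet in the zone
    if reached("Inactive"):
        return "published-retired"  # still visible, no longer signing
    if reached("Activate"):
        return "published-signing"  # visible and used for signatures
    return "published-standby"      # pre-published ahead of a rollover
```

The standby and retired states are the windows a rollover depends on: the new key is visible to resolvers before it signs, and the old key stays visible after it stops.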
