[Opendnssec-develop] ksmutil export

sion at nominet.org.uk sion at nominet.org.uk
Thu Aug 27 08:54:30 UTC 2009

I've added export of keys and ds records to ksmutil, the export command now
looks like:

usage: ksmutil [-f config] export [policy|keys|ds]
<[policy_name]|zone_name> [keytype]
        policy: export all policies [or named policy] to xml
        keys: export dnskey RRs for named zone [KSK unless ZSK specified]
        ds: export ds RRs for named zone [KSK unless ZSK specified]

I don't think that it is quite right yet, but the exact functionality can
be tweaked as needed...

E.g. currently only active keys are exported, but I guess that "ready"
(I.e. emergency) keys should be too? Should it indicate which is active in
this case?

If you don't specify a zone then you get all zones; I'll change this to
require a -a flag instead.

Should we allow DS from ZSK? Is that ever useful?

If anyone wants to suggest refinements then please either add them to
pivotal or email me.


More information about the Opendnssec-develop mailing list