[Opendnssec-develop] ksmutil export

Roy Arends roy at nominet.org.uk
Thu Aug 27 09:02:19 UTC 2009

Sion wrote on 08/27/2009 10:54:30 AM:

> I've added export of keys and ds records to ksmutil, the export command 
> looks like:
> usage: ksmutil [-f config] export [policy|keys|ds]
> <[policy_name]|zone_name> [keytype]
>         policy: export all policies [or named policy] to xml
>         keys: export dnskey RRs for named zone [KSK unless ZSK 
>         ds: export ds RRs for named zone [KSK unless ZSK specified]
> I don't think that it is quite right yet, but the exact functionality 
> be tweaked as needed...
> E.g. currently only active keys are exported, but I guess that "ready"
> (I.e. emergency) keys should be too? Should it indicate which is active 
> this case?

Or maybe allow selection by possible states [ready|active|.....|....] as 

> If you don't specify a zone then you get all zones; I'll change this to
> require a -a flag instead.
> Should we allow DS from ZSK? Is that ever useful?

I think it is useful. 

> If anyone wants to suggest refinements then please either add them to
> pivotal or email me.

Thanks Sion,

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-develop/attachments/20090827/84a2a0b8/attachment.htm>

More information about the Opendnssec-develop mailing list