[Opendnssec-develop] ksmutil export
Roy Arends
roy at nominet.org.uk
Thu Aug 27 09:02:19 UTC 2009
Sion wrote on 08/27/2009 10:54:30 AM:
> I've added export of keys and ds records to ksmutil, the export command
now
> looks like:
>
> usage: ksmutil [-f config] export [policy|keys|ds]
> <[policy_name]|zone_name> [keytype]
> policy: export all policies [or named policy] to xml
> keys: export dnskey RRs for named zone [KSK unless ZSK
specified]
> ds: export ds RRs for named zone [KSK unless ZSK specified]
>
> I don't think that it is quite right yet, but the exact functionality
can
> be tweaked as needed...
>
> E.g. currently only active keys are exported, but I guess that "ready"
> (I.e. emergency) keys should be too? Should it indicate which is active
in
> this case?
Or maybe allow selection by possible states [ready|active|.....|....] as
well?
> If you don't specify a zone then you get all zones; I'll change this to
> require a -a flag instead.
>
> Should we allow DS from ZSK? Is that ever useful?
I think it is useful.
> If anyone wants to suggest refinements then please either add them to
> pivotal or email me.
Thanks Sion,
Roy
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-develop/attachments/20090827/84a2a0b8/attachment.htm>
More information about the Opendnssec-develop
mailing list