[Opendnssec-user] key state definition
miek at miek.nl
Mon Jul 19 19:30:17 CEST 2010
[ Quoting Miek Gieben in "[Opendnssec-user] key state definit"... ]
> I'm writing an export function to export the OpenDNSSEC keys from
> the database to a format understood by BIND. This already works
> very nicely[*]:
> [*] The shell scripts are alpha quality, but I'm happy to post them to
> this list if somebody wants to see them.
We (SIDN) are going to use these scripts in production -- soonish.
Currently the ods-export consists out of 4 scripts that read
the kasp.db, convert the keys found from the HSM to bind9 format and
set the timing paramaters (dnssec-keyfromlabel).
Futher more there is a small Perl script that parses the signconf.xml
to create the options for dnssec-signzone (-A -j -k, -T and -s
<salt>), so that the signing parameters are in sync.
Then dnssec-signzone -S <sign_options> is called to sign the zone.
Our offer still stands, if people are interested in these scripts
please contact me or SIDN.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 198 bytes
Desc: Digital signature
More information about the Opendnssec-user