[Opendnssec-user] key state definition

Jakob Schlyter jakob at kirei.se
Wed Jun 30 12:56:09 CEST 2010


On 30 jun 2010, at 11.59, Miek Gieben wrote:

> * I lookup the labels of the keys in the database and then use
>  dnssec-keyfromlabel to extract the keys from the HSM. 

I would recommend you to not read from the KASP database directly, as we cannot commit to keeping the database schema between releases. Integration with the enforcer should, if possible, be done using the XML output.

I've implemented this (I described in [1]), i.e. an adapter for using BIND as the signer engine (both online and offline) for OpenDNSSEC, and I hope to be able to publish this program (as open source) shortly.

	jakob



[1] http://www.kirei.se/en/2010/02/04/ods4bind/




More information about the Opendnssec-user mailing list