[Opendnssec-user] ods-hsmutil dnskey always exporting as ZSK?

Paul Wouters paul at nohats.ca
Wed Jan 18 16:25:33 UTC 2012


Hi,

When using an HSM and attempting to get the public key in a format for
bind, I noticed that ods-hsmutil dnskey always writes the DNSKEY record
as a ZSK, even if the KSK was specified.

I think this might be a "default" and that there is no communication
between listing the keys in ods/hsm using:

 	ods-ksmutil key list --verbose

which will get the keytag and CKA_ID, and:

 	ods-hsmutil dnskey <CKA_ID> <zonename>

which will create the DNSKEY record in bind's .key format.

Perhaps there could be a unifying command that does remember this?

Paul
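
An added example, not part of the original message and not OpenDNSSEC code: a check that an exported .key record carries the key type and keytag shown for that key in the listing. The function names and the sample record are constructed for illustration; the flag values (256 for a ZSK, 257 for a KSK) and the key tag algorithm are those of RFC 4034, and the listed keytag is assumed to have been computed over the KSK flags.

```python
import base64

SEP = 0x0001  # Secure Entry Point bit: set on a KSK (flags 257), clear on a ZSK (256)

def parse_dnskey(line):
    """Parse a one-line DNSKEY record in BIND .key (presentation) format."""
    fields = line.split(";", 1)[0].split()  # drop any trailing ';' comment
    i = fields.index("DNSKEY")
    flags, protocol, algorithm = (int(f) for f in fields[i + 1:i + 4])
    public_key = base64.b64decode("".join(fields[i + 4:]))
    return fields[0], flags, protocol, algorithm, public_key

def key_tag(flags, protocol, algorithm, public_key):
    """Key tag per RFC 4034 Appendix B, computed over the DNSKEY RDATA."""
    rdata = flags.to_bytes(2, "big") + bytes([protocol, algorithm]) + public_key
    acc = sum(b if i & 1 else b << 8 for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def check_export(line, expect_ksk, listed_tag):
    """Return the mismatches between an exported record and the key listing."""
    owner, flags, protocol, algorithm, key = parse_dnskey(line)
    problems = []
    if bool(flags & SEP) != expect_ksk:
        problems.append(f"{owner}: flags {flags} do not match the listed key type")
    tag = key_tag(flags, protocol, algorithm, key)
    if tag != listed_tag:
        problems.append(f"{owner}: key tag {tag} != listed key tag {listed_tag}")
    return problems

# Constructed sample, not a real key: RSA exponent 65537 and a 64-byte "modulus".
SAMPLE_KEY = base64.b64encode(b"\x03\x01\x00\x01" + bytes(range(1, 65))).decode()
EXPORTED = f"example.com. 3600 IN DNSKEY 256 3 8 {SAMPLE_KEY}"  # exported as ZSK
EXPECTED = f"example.com. 3600 IN DNSKEY 257 3 8 {SAMPLE_KEY}"  # what a KSK needs

if __name__ == "__main__":
    listed = key_tag(*parse_dnskey(EXPECTED)[1:])  # stands in for the listed keytag
    for problem in check_export(EXPORTED, expect_ksk=True, listed_tag=listed):
        print(problem)
```

Because the flags field is part of the RDATA the key tag is computed over, a KSK exported with ZSK flags also yields a different key tag for the same public key.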


