[Opendnssec-user] ods-hsmutil dnskey always exporting as ZSK?
paul at nohats.ca
Wed Jan 18 16:25:33 UTC 2012
When using an HSM and attempting to get the public key in a format for
bind, I noticed that ods-hsmutil dnskey always writes the DNSKEY record
as a ZSK, even if the KSK was specified.
I think this might be a "default" and that there is no communication
between listing the keys in ods/hsm using:
ods-ksmutil key list --verbose
which will get the keytag and CKA_ID, and:
ods-hsmutil dnskey <CKA_ID> <zonename>
which will create the DNSKEY record in bind's .key format.
Perhaps there could be a unifying command that does remember this?
More information about the Opendnssec-user