[Opendnssec-user] two small requests for ods-ksmutil
Miek Gieben
miek at miek.nl
Mon Mar 12 19:48:44 UTC 2012
[ Quoting <paul at nohats.ca> at 15:37 on Mar 12 in "Re: [Opendnssec-user..." ]
> >>leading in this screen?
> >
> >Huh? What exactly is the problem here? I just use the CKA_ID in
> >dnssec-keyfromlabel and that works very nicely.
>
> I don't parse the output of dnssec-keyfromlabel, as I "know" what the
> Kfile name will be, based on keytag and algo. That also ensures that I
> am using the algo and key options I think I am, and that it will fail
> to include a wrong key if some bit flips and the keytag would change.
> (such as changing an nsec3 optin flag :)
Ok. But how do you handle key-id collisions?
> (other people might prefer to read a load of xml from /etc/opendnssec/
> but that's exactly why my script is 20 lines and ods4bind is several
> hunderd lines :)
My personal ods2bind solution (in Perl) is indeed somewhat longer than
20 lines (but not several hundred either)
grtz Miek
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20120312/fbe84d1b/attachment.bin>
More information about the Opendnssec-user
mailing list