[Opendnssec-user] DelegationSignerSubmitCommand key identification

[Rickard Bellgrim]

> I am trying to set up automatic KSK rollover with OpenDNSSEC. If I use
> DelegationSignerSubmitCommand option
> for starting my external program, I am missing any information about key
> identifier relating to DNSKEY record,
> that should be subsequently used for key ds-seen. Although there is
> possibility to compute key_id manually,
> this is not ideal approach due to ambiguity. It would be useful to add
> CKA_ID in comment to DelegationSignerSubmitCommand
> parameter (if required in configuration).

Yes, that is a drawback that you have to query the "key list" to get
the CKA_ID of the key in the correct state when there are duplicate
key tags.

I have created a story about it:
https://issues.opendnssec.org/browse/OPENDNSSEC-258

// Rickard