[Opendnssec-user] DelegationSignerSubmitCommand key identification

Rickard Bellgrim rickard at opendnssec.org
Mon May 14 12:45:30 UTC 2012

> I am trying to set up automatic KSK rollover with OpenDNSSEC. If I use
> DelegationSignerSubmitCommand option
> for starting my external program, I am missing any information about key
> identifier relating to DNSKEY record,
> that should be subsequently used for key ds-seen. Although there is
> possibility to compute key_id manually,
> this is not ideal approach due to ambiguity. It would be useful to add
> CKA_ID in comment to DelegationSignerSubmitCommand
> parameter (if required in configuration).

Yes, that is a drawback that you have to query the "key list" to get
the CKA_ID of the key in the correct state when there are duplicate
key tags.

I have created a story about it:

// Rickard

More information about the Opendnssec-user mailing list