[Opendnssec-user] DelegationSignerSubmitCommand key identification

Mathieu Arnold mat at mat.cc
Mon May 14 13:03:02 UTC 2012

+--On 14 mai 2012 14:45:30 +0200 Rickard Bellgrim <rickard at opendnssec.org>
|> I am trying to set up automatic KSK rollover with OpenDNSSEC. If I use
|> DelegationSignerSubmitCommand option
|> for starting my external program, I am missing any information about key
|> identifier relating to DNSKEY record,
|> that should be subsequently used for key ds-seen. Although there is
|> possibility to compute key_id manually,
|> this is not ideal approach due to ambiguity. It would be useful to add
|> CKA_ID in comment to DelegationSignerSubmitCommand
|> parameter (if required in configuration).
| Yes, that is a drawback that you have to query the "key list" to get
| the CKA_ID of the key in the correct state when there are duplicate
| key tags.

It should be fairly rare to have a tag conflict for two keys on *one* zone,
no ?

Mathieu Arnold

More information about the Opendnssec-user mailing list