[Opendnssec-user] enforcer hooks

Petr Spacek pspacek at redhat.com
Wed May 21 08:23:32 UTC 2014


On 20.5.2014 13:56, Jakob Schlyter wrote:
>
> On 20 maj 2014, at 12:39, Petr Spacek <pspacek at redhat.com> wrote:
>
>> Now I have looked into /var/opendnssec/signconf/example.xml and it seems that I will be able to generate K*.private key except timestamps:
>>
>> Created: 20140429162528
>> Publish: 20140429162528
>> Activate: 20140429162528
>> ...
>
> You do not need those, just can just set them all to "now" in BIND (activate only if the key is used for signing). https://github.com/opendnssec/ods4bind/blob/master/ods4bind.pl should be useful as a guideline, it does just what you are aiming for I believe.

Thank you, I will take a look!

-- 
Petr Spacek  @  Red Hat



More information about the Opendnssec-user mailing list