How do I get from IANA's root-anchors.xml to managed-keys{}?

Hauke Lampe lampe at hauke-lampe.de
Fri Jul 16 08:56:13 UTC 2010


Greetings, everyone.

Now that the signed root is finally in production, how do I initialize BIND's RFC5011 key management from the XML file published by IANA?

I downloaded the files and checked the PGP signature:

http://data.iana.org/root-anchors/root-anchors.xml
http://data.iana.org/root-anchors/root-anchors.asc

The XML file contains a DS hash of the root KSK, but BIND needs a public key in the managed-keys clause.

Are there any tools to retrieve the DNSKEY and validate it with the hash? Or even process the XML directly?

So far I used unbound to bootstrap the key but I am looking for a simpler way.



Hauke.




More information about the bind-users mailing list