How do I get from IANA's root-anchors.xml to managed-keys{}?
Hauke Lampe
lampe at hauke-lampe.de
Fri Jul 16 08:56:13 UTC 2010
Greetings, everyone.
Now that the signed root is finally in production, how do I initialize BIND's RFC5011 key management from the XML file published by IANA?
I downloaded the files and checked the PGP signature:
http://data.iana.org/root-anchors/root-anchors.xml
http://data.iana.org/root-anchors/root-anchors.asc
The XML file contains a DS hash of the root KSK, but BIND needs a public key in the managed-keys clause.
Are there any tools to retrieve the DNSKEY and validate it with the hash? Or even process the XML directly?
So far I used unbound to bootstrap the key but I am looking for a simpler way.
Hauke.
More information about the bind-users
mailing list