How do I get from IANA's root-anchors.xml to managed-keys{}?

Kazunori Fujiwara fujiwara at wide.ad.jp
Fri Jul 16 09:16:13 UTC 2010


> From: Hauke Lampe <lampe at hauke-lampe.de>
> http://data.iana.org/root-anchors/root-anchors.xml
> http://data.iana.org/root-anchors/root-anchors.asc
> 
> The XML file contains a DS hash of the root KSK, but BIND needs a public key in the managed-keys clause.
> 
> Are there any tools to retrieve the DNSKEY and validate it with the hash? Or even process the XML directly?

You can check the root DNSKEY RR and root-anchors.xml
using dig and dnssec-dsfromkey.

% dig . dnskey | grep -w 257 > root.key; dnssec-dsfromkey -2 root.key

If you have checked that the DS data written in root-anchors.xml and
root.key are equivalent, you can generate a trusted-keys entry from
the root.key file.

But I want a new BIND 9 function, "DS style trust anchor configuration".

--
Kazunori Fujiwara, JPRS
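
The check described in the message above, as an added example that is not part of the original post or of BIND: it computes the key tag and SHA-256 DS digest of a DNSKEY line as dig prints it (the values dnssec-dsfromkey -2 reports) and compares them with the KeyDigest entries of root-anchors.xml. The sample key and XML are constructed, not the real root key, and all function names are illustrative.

```python
import base64, hashlib, struct
import xml.etree.ElementTree as ET

def parse_dnskey(line):
    """Split a DNSKEY line as printed by dig into (owner, RDATA bytes)."""
    f = line.split(";")[0].split()          # drop any trailing dig comment
    i = f.index("DNSKEY")
    flags, proto, alg = (int(x) for x in f[i + 1:i + 4])
    key = base64.b64decode("".join(f[i + 4:]))
    return f[0], struct.pack("!HBB", flags, proto, alg) + key

def owner_wire(name):
    """Canonical wire form of the owner name; the root is a single zero byte."""
    labels = [l for l in name.lower().split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def key_tag(rdata):
    """Key tag per RFC 4034 Appendix B."""
    acc = sum(b if i & 1 else b << 8 for i, b in enumerate(rdata))
    return (acc + ((acc >> 16) & 0xFFFF)) & 0xFFFF

def ds_sha256(owner, rdata):
    """DS digest type 2: SHA-256 over owner name wire form + DNSKEY RDATA."""
    return hashlib.sha256(owner_wire(owner) + rdata).hexdigest().upper()

def anchors(xml_text):
    """Yield (key tag, algorithm, digest type, digest) per KeyDigest element."""
    for kd in ET.fromstring(xml_text).iter("KeyDigest"):
        yield (int(kd.findtext("KeyTag")), int(kd.findtext("Algorithm")),
               int(kd.findtext("DigestType")), kd.findtext("Digest").strip().upper())

def key_matches_anchor(dnskey_line, xml_text):
    """True only if tag, algorithm and SHA-256 digest all equal one anchor."""
    owner, rdata = parse_dnskey(dnskey_line)
    mine = (key_tag(rdata), rdata[3], 2, ds_sha256(owner, rdata))
    return mine in list(anchors(xml_text))

# Constructed sample data: a 3-byte stand-in key, NOT the real root KSK.
SAMPLE_KEY = ". 172800 IN DNSKEY 257 3 8 AQID"
_o, _r = parse_dnskey(SAMPLE_KEY)
SAMPLE_XML = f"""<TrustAnchor><Zone>.</Zone><KeyDigest>
<KeyTag>{key_tag(_r)}</KeyTag><Algorithm>8</Algorithm>
<DigestType>2</DigestType><Digest>{ds_sha256(_o, _r)}</Digest>
</KeyDigest></TrustAnchor>"""

if __name__ == "__main__":
    print(key_matches_anchor(SAMPLE_KEY, SAMPLE_XML))
    print(key_matches_anchor(SAMPLE_KEY.replace("AQID", "AQIE"), SAMPLE_XML))
```

A match only shows that the key and the XML agree; the XML itself still has to be authenticated, for instance against the root-anchors.asc signature listed in the question.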


