How do I get from IANA's root-anchors.xml to managed-keys{}?
Kazunori Fujiwara
fujiwara at wide.ad.jp
Fri Jul 16 09:16:13 UTC 2010
> From: Hauke Lampe <lampe at hauke-lampe.de>
> http://data.iana.org/root-anchors/root-anchors.xml
> http://data.iana.org/root-anchors/root-anchors.asc
>
> The XML file contains a DS hash of the root KSK, but BIND needs a public key in the managed-keys clause.
>
> Are there any tools to retrieve the DNSKEY and validate it with the hash? Or even process the XML directly?
You can check root DNSKEY RR and root-anchors.xml
using dig and dnssec-dsfromkey.
% dig . dnskey | grep -w 257 > root.key; dnssec-dsfromkey -2 root.key
If you checked that the DS data written in root-anchors.xml and
root.key are equivalent, you can generate trusted-keys entry from
root.key file.
But I want new BIND 9 function "DS style trust anchor configuration".
--
Kazunori Fujiwara, JPRS
More information about the bind-users
mailing list