root-anchor.xml & anchors.xml in Bind
Evan Hunt
each at isc.org
Sat Jul 17 16:23:57 UTC 2010
> Then why was anchors2keys written to create only trusted-keys?<GRIN>?
My guess is because managed-keys was only introduced in BIND 9.7, and
they wanted to be able to support 9.6 as well.
> It doesn't look hard to modify the script, but there appears to be
> subtle differences in syntax between the two data types.
The difference is the addition of an extra keyword immediately after the
zone name: "initial-key". So whereas the trusted-keys statement for the
root zone looks like this:
trusted-keys {
. 257 3 8 "[gibberish]";
};
The equivalent managed-keys statement is:
managed-keys {
. initial-key 257 3 8 "[gibberish]";
};
(The extra keyword is there because we were thinking we might want to
extend the syntax someday and add other methods for intiializing trust
anchors.)
--
Evan Hunt -- each at isc.org
Internet Systems Consortium, Inc.
More information about the bind-users
mailing list