Singing a RRSET

Alan Clegg alan at
Fri Mar 14 22:02:08 UTC 2014

On 3/14/14, 12:15 PM, Sergio Ramirez wrote:

>    We need to sign a RRSET individually out of the zone file.
> The utilities dnssec-signzone and similars from other packages 
> check the zone before signing (SOA RR, DNSKEY RR, etc).
> Before to do a piece of programa to do this, we wanted to know if 
> there is any tool to sign just a RRSET ?

Create it in a valid zone file, sign it, then "dig" it out?

You can't sign without keys, SOA can be standard, this is _probably_
much easier to script than creating code.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 600 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the bind-users mailing list