dnssec-signzone SMIMEA/TYPE65280 RR

Evan Hunt each at isc.org
Fri Oct 31 17:46:08 UTC 2014

On Tue, Oct 28, 2014 at 04:48:20AM +1100, shmick at riseup.net wrote:
> i couldn't sign a zone with the draft SMIMEA RR from debian jessie based OS

It's not yet been implemented in BIND.

I expect we will, but not until it's at least been allocated a type code
(see http://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml)
and most likely not until it's published as an RFC.

> also when i tried TYPE65280 for OPENPGPKEY RRs i got:

This one does have a type code but AFAIK the specification is still in
draft status.

Unknown types can always be represented in BIND, though.  You could enter
your key as a TYPE61 record, but you'll need to encode it in hexidecimal
(not base64), e.g.:

<hash>._openpgpkey.example.com.  IN TYPE61 \# 128 FA302B31....

This is cumbersome, but it's the sort of thing a script can do. (If you
happen to write such a script, it'd be swell if you posted it here...)

Evan Hunt -- each at isc.org
Internet Systems Consortium, Inc.

More information about the bind-users mailing list