parent-side CDS/CDNSKEY implementation
dot at dotat.at
Wed Sep 13 22:11:08 UTC 2017
I have been working on an RFC 7344 implementation, except for a few weeks gallivanting around Scandinavia. It's called dnssec-cds and you can find the current state of it here:
General strategy is that one invocation updates one dsset file, so it works with dnssec-signzone. We don't use dnssec-signzone but our DNS rebuild batch job has a pile of dsset files as part of its input. I sort of vaguely hope that registrars or resellers could hook it into their systems and shove the output into EPP...
Still todo: man page, finish test script and ATFify it, output file handling. There's a longer term todo list which will go in the BUGS section of the man page :-)
I'm not confident I am using the libdns API very well: I have not got to grips with the rdata abstractions in detail before, so I had to learn a lot. I would love it if anyone can point out any ways I can simplify the code.
f.anthony.n.finch <dot at dotat.at> http://dotat.at
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the bind-workers