parent-side CDS/CDNSKEY implementation

Tony Finch dot at dotat.at
Wed Sep 13 22:11:08 UTC 2017


I have been working on an RFC 7344 implementation, except for a few weeks gallivanting around Scandinavia. It's called dnssec-cds and you can find the current state of it here:

https://git.csx.cam.ac.uk/x/ucs/ipreg/bind9.git/tree/u/fanf2/patch:/bin/dnssec

General strategy is that one invocation updates one dsset file, so it works with dnssec-signzone. We don't use dnssec-signzone but our DNS rebuild batch job has a pile of dsset files as part of its input. I sort of vaguely hope that registrars or resellers could hook it into their systems and shove the output into EPP...

Still todo: man page, finish test script and ATFify it, output file handling. There's a longer term todo list which will go in the BUGS section of the man page :-)

I'm not confident I am using the libdns API very well: I have not got to grips with the rdata abstractions in detail before, so I had to learn a lot. I would love it if anyone can point out any ways I can simplify the code. 

Tony.
-- 
f.anthony.n.finch  <dot at dotat.at>  http://dotat.at