parent-side CDS/CDNSKEY implementation

Tony Finch
Wed Sep 13 22:11:08 UTC 2017

I have been working on an RFC 7344 implementation, except for a few weeks gallivanting around Scandinavia. It's called dnssec-cds and you can find the current state of it here:

General strategy is that one invocation updates one dsset file, so it works with dnssec-signzone. We don't use dnssec-signzone but our DNS rebuild batch job has a pile of dsset files as part of its input. I sort of vaguely hope that registrars or resellers could hook it into their systems and shove the output into EPP...

Still todo: man page, finish test script and ATFify it, output file handling. There's a longer term todo list which will go in the BUGS section of the man page :-)

I'm not confident I am using the libdns API very well: I have not got to grips with the rdata abstractions in detail before, so I had to learn a lot. I would love it if anyone can point out any ways I can simplify the code. 

More information about the bind-workers mailing list