On Tue, 2009-07-14 at 17:50 +1000, Mark Andrews wrote: > In message <1247555725.13064.4.ca...@ilinux>, Mark Elkins writes: > > OK - so I accept that the algorithm will change. > > > > What about some sort of validation of the base-64 part of the key? > > Is there a checksum byte/word? > > Is there a way of checking that the length is correct? > > Have you thought of reading the RFCs which describe these records? > The answers to your questions are in the RFCs.
For the record - have been looking at various definitions and at some RFC's - but the 'right thing' has not jumped out at me yet. Could some kind soul please point me at the latest RFC that describes the base-64 part of the DNSREC resource record - how to checksum it and calculate that the length is correct. Or - are there stand-alone tools for this? http://www.dnssec-deployment.org/tracker/ has lots of good stuff - but I'd rather not have to download everything to try it. > > Mark Anyone know how to get dnskeys into .ORG - I've had no answer yet from i...@pir.org. -- . . ___. .__ Posix Systems - Sth Africa. e.164 VOIP ready /| /| / /__ m...@posix.co.za - Mark J Elkins, Cisco CCIE / |/ |ARK \_/ /__ LKINS Tel: +27 12 807 0590 Cell: +27 82 601 0496 _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
