Greetings, everyone. Now that the signed root is finally in production, how do I initialize BIND's RFC5011 key management from the XML file published by IANA?
I downloaded the files and checked the PGP signature: http://data.iana.org/root-anchors/root-anchors.xml http://data.iana.org/root-anchors/root-anchors.asc The XML file contains a DS hash of the root KSK, but BIND needs a public key in the managed-keys clause. Are there any tools to retrieve the DNSKEY and validate it with the hash? Or even process the XML directly? So far I used unbound to bootstrap the key but I am looking for a simpler way. Hauke. _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
