> From: Hauke Lampe <la...@hauke-lampe.de> > http://data.iana.org/root-anchors/root-anchors.xml > http://data.iana.org/root-anchors/root-anchors.asc > > The XML file contains a DS hash of the root KSK, but BIND needs a public key > in the managed-keys clause. > > Are there any tools to retrieve the DNSKEY and validate it with the hash? Or > even process the XML directly?
You can check root DNSKEY RR and root-anchors.xml using dig and dnssec-dsfromkey. % dig . dnskey | grep -w 257 > root.key; dnssec-dsfromkey -2 root.key If you checked that the DS data written in root-anchors.xml and root.key are equivalent, you can generate trusted-keys entry from root.key file. But I want new BIND 9 function "DS style trust anchor configuration". -- Kazunori Fujiwara, JPRS _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
