> From: Hauke Lampe <[email protected]> > http://data.iana.org/root-anchors/root-anchors.xml > http://data.iana.org/root-anchors/root-anchors.asc > > The XML file contains a DS hash of the root KSK, but BIND needs a public key > in the managed-keys clause. > > Are there any tools to retrieve the DNSKEY and validate it with the hash? Or > even process the XML directly?
You can check root DNSKEY RR and root-anchors.xml using dig and dnssec-dsfromkey. % dig . dnskey | grep -w 257 > root.key; dnssec-dsfromkey -2 root.key If you checked that the DS data written in root-anchors.xml and root.key are equivalent, you can generate trusted-keys entry from root.key file. But I want new BIND 9 function "DS style trust anchor configuration". -- Kazunori Fujiwara, JPRS _______________________________________________ bind-users mailing list [email protected] https://lists.isc.org/mailman/listinfo/bind-users
