On Thu, Mar 06, 2014 at 08:55:28AM +0100, Carsten Strotmann wrote: > I agree that it might be nice to change "dnssec-keygen" to make the tool > more userfriendly. The current state-of-things is because of historic > developments in how DNSSEC came to birth.
...and lots of people dealing with dnssec-keygen's user-unfriendliness by writing shell scripts to run it, which will break if we change its interface now. A lot of old mistakes have gotten chiseled into stone by that. I've long wanted to write a replacement for the zone key functions of dnssec-keygen (or at least a sensible wrapper), so that DNSSEC keys could be generated according to a configured policy rather than command-line alphabet soup. For generating host keys, I suggest "ddns-confgen" rather than "dnssec-keygen". -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
