Hi, lastly I've discovered the new python tool dnssec-keymgr included in BIND 9.11 alpha release. I'm seeking for simple tools to handle key rollovers unattended. And the lightweight dnssec-keymgr could be the right one. Are there any future plans or milestones out there (expect of 'remaining work' from the manual)?
I would like to handle KSK updates of second level domains using that tool (option -k applies policy only on KSKs). And especially I'm looking for an interface to trigger updates of DS records. The call on dnssec-settime may could be wrapped using the -s option of dnssec-keymgr to send a DS update via the registrar to the parent on publications or removals of DNSKEYs from the zone. But are there any other concepts or thoughts like supporting hooks for different phases in key rollovers? Thanks, Armin _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
