Hi all!

In my DNSSEC key rollover processes, before deleting a key and when activating a key, I check if the signed zone contains signatures from the respective key. Up to now this was more or less:

  dig ... axfr | grep RRSIG | grep $KEYID

This worked fine for a long time, but when having keys with the same keyid this obviously does not work anymore. So I want to change my code to additionally check if the signature can be verified with the respective public key. Are there any tools (bash, php ...) which accept a single RRSIG RR and a single DNSKEY RR and do the validation?

Thanks
Klaus

_______________________________________________
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
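
What the check asked about above involves, as an added example that is not part of the original post: verifying one RRSIG against one specific DNSKEY, so two keys that share a key tag can be told apart. It assumes algorithm 8 (RSA/SHA-256), RDATA already in canonical wire form, and no wildcard or validity-period handling; all function names are hypothetical and the key and records are constructed.

```python
import hashlib, struct
DIGESTINFO_SHA256 = bytes.fromhex("3031300d060960864801650304020105000420")  # RFC 8017 9.2

def key_tag(dnskey):
    """RFC 4034 App. B key tag: a 16-bit checksum, so distinct keys can collide."""
    acc = sum(b if i & 1 else b << 8 for i, b in enumerate(dnskey))
    return (acc + (acc >> 16)) & 0xFFFF

def wire_name(name):
    """Canonical (lower-cased, uncompressed) wire form of a domain name."""
    labels = [l for l in name.lower().split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\0"

def rsa_key(dnskey):
    """(e, n) from DNSKEY RDATA: flags(2) protocol(1) algorithm(1) + RFC 3110 key."""
    key = dnskey[4:]
    elen, off = (key[0], 1) if key[0] else (struct.unpack("!H", key[1:3])[0], 3)
    return int.from_bytes(key[off:off + elen], "big"), int.from_bytes(key[off + elen:], "big")

def signed_data(head, signer, owner, rtype, rdatas):
    """RFC 4034 3.1.8.1: RRSIG RDATA without the signature, then the sorted RRset."""
    rrs = (wire_name(owner) + struct.pack("!HH", rtype, 1) + head[4:8]
           + struct.pack("!H", len(r)) + r for r in sorted(rdatas))
    return head + wire_name(signer) + b"".join(rrs)

def emsa(n, msg):
    """PKCS#1 v1.5 encoding of SHA-256(msg), padded to the byte length of n."""
    t = DIGESTINFO_SHA256 + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * ((n.bit_length() + 7) // 8 - len(t) - 3) + b"\x00" + t

def verify(dnskey, head, signer, sig, owner, rtype, rdatas):
    """True only if this exact DNSKEY made sig; head is the 18 fixed RRSIG bytes."""
    (e, n), s = rsa_key(dnskey), int.from_bytes(sig, "big")
    em = emsa(n, signed_data(head, signer, owner, rtype, rdatas))
    return len(sig) == len(em) and s < n and pow(s, e, n).to_bytes(len(em), "big") == em

def demo():
    """Constructed data: toy RSA key from two Mersenne primes, one A record."""
    p, q, e = 2**521 - 1, 2**607 - 1, 65537
    n, d = p * q, pow(e, -1, (p - 1) * (q - 1))
    key_a = struct.pack("!HBBB", 256, 3, 8, 3) + e.to_bytes(3, "big") + n.to_bytes(141, "big")
    key_b = key_a[:8] + key_a[148:] + key_a[9:148] + key_a[8:9]  # swap 2 bytes: same tag
    head = struct.pack("!HBBIIIH", 1, 8, 3, 3600, 1900000000, 1700000000, key_tag(key_a))
    rrset = ("www.example.test.", 1, [bytes([192, 0, 2, 1])])
    sig = pow(int.from_bytes(emsa(n, signed_data(head, "example.test.", *rrset)), "big"), d, n).to_bytes(141, "big")
    return key_tag(key_a) == key_tag(key_b), *(verify(k, head, "example.test.", sig, *rrset) for k in (key_a, key_b))

if __name__ == "__main__":
    print(demo())  # (tags collide, verifies with key A, verifies with key B)
```

Matching on key tag alone accepts both keys here; only the signature check separates them.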
