[ldns-users] ldns-read-zone -s does not strip DNSKEY
Paul Wouters
paul at nohats.ca
Tue Mar 4 17:16:01 UTC 2014
On Tue, 4 Mar 2014, Emil Natan wrote:
> Agree. Though it should be really nice to have that option because when using OpenDNSSEC or BIND's Smart signing the DNSKEY is not a
> part of the unsigned zone and that can be useful when comparing the signed and unsigned zones.
But didn't you have a signed zone? Or rather two signed zones to compare?
And in case you were not aware, for doing the ods+bind combo signer, we
added -0 to ldns-read-zone:
Print a (null) for the RRSIG inception, expiry and key data. This option
can be used when comparing different signing systems that use the same
DNSKEYs for signing but would have a slightly different timings/jitter.
Paul
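
The kind of comparison described above, as an added example that is not part of the original message and is not ldns code: it nulls the RRSIG expiration, inception and signature fields in two zone texts and diffs the rest. The function names and both sample zones are constructed, one record per line in owner/TTL/class/type order is assumed, and "key data" is taken here to mean the signature field.

```python
import re

# RRSIG rdata in presentation format (RFC 4034): type-covered algorithm labels
# original-TTL expiration inception key-tag signer-name signature
RRSIG_RE = re.compile(
    r"^(?P<head>\S+\s+(?:\d+\s+)?(?:IN\s+)?RRSIG\s+\S+\s+\d+\s+\d+\s+\d+)\s+"
    r"(?P<exp>\d+)\s+(?P<inc>\d+)\s+(?P<tag>\d+)\s+(?P<signer>\S+)\s+(?P<sig>.+)$"
)

def normalize(zone_text):
    """Return sorted records with RRSIG timing and signature replaced by (null)."""
    out = []
    for line in zone_text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # skip blank lines and whole-line comments
        m = RRSIG_RE.match(line)
        if m:
            # Keep key tag and signer so a change of signing key still shows up.
            line = f"{m['head']} (null) (null) {m['tag']} {m['signer']} (null)"
        out.append(" ".join(line.split()))  # collapse tabs/spaces
    return sorted(out)

def zone_diff(zone_a, zone_b):
    """Records only in zone_a and only in zone_b after normalization."""
    a, b = set(normalize(zone_a)), set(normalize(zone_b))
    return sorted(a - b), sorted(b - a)

# Constructed sample: same data and key tag, different timings and signatures.
ZONE_A = """
example.com. 3600 IN SOA ns1.example.com. hostmaster.example.com. 2014030401 3600 600 86400 3600
example.com. 3600 IN RRSIG SOA 8 2 3600 20140401000000 20140304000000 12345 example.com. AAAAsignerA=
www.example.com. 3600 IN A 192.0.2.10
www.example.com. 3600 IN RRSIG A 8 3 3600 20140401000000 20140304000000 12345 example.com. BBBBsignerA=
"""
ZONE_B = """
example.com. 3600 IN SOA ns1.example.com. hostmaster.example.com. 2014030401 3600 600 86400 3600
example.com. 3600 IN RRSIG SOA 8 2 3600 20140402031500 20140304171601 12345 example.com. CCCCsignerB=
www.example.com. 3600 IN A 192.0.2.10
www.example.com. 3600 IN RRSIG A 8 3 3600 20140402101122 20140304171601 12345 example.com. DDDDsignerB=
"""
# Constructed variant with a real data difference.
ZONE_C = ZONE_B.replace("192.0.2.10", "192.0.2.99")

if __name__ == "__main__":
    print(zone_diff(ZONE_A, ZONE_B))  # jitter only: no differences
    print(zone_diff(ZONE_B, ZONE_C))  # the changed A record is reported
```

With the signatures nulled, a diff like this compares zone content and signing structure only; it says nothing about whether either signer's signatures validate.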