[ldns-users] ldns-read-zone -s does not strip DNSKEY

Emil Natan shlyoko at gmail.com
Tue Mar 4 17:28:52 UTC 2014


Sorry, I should have said "comparing the unsigned and signed version of a
zone". I'm trying to compare the non-DNSSEC data for a zone before and
after signing. At the end I finished with a long grep that strips the
DNSSEC data. Thanks.

ena


On Tue, Mar 4, 2014 at 7:16 PM, Paul Wouters <paul at nohats.ca> wrote:

> On Tue, 4 Mar 2014, Emil Natan wrote:
>
>> Agree. Though it should be really nice to have that option because when
>> using OpenDNSSEC or BIND's Smart signing the DNSKEY is not a
>> part of the unsigned zone and that can be useful when comparing the
>> signed and unsigned zones.
>>
>
> But didn't you have a signed zone? Or rather two signed zones to compare?
>
> And in case you were not aware, for doing to ods+bind combo signer, we
> added -0 to ldns-read-zone:
>
>         Print a (null) for the RRSIG inception, expiry and key data. This option
>         can be used when comparing different signing systems that use the same
>         DNSKEYs for signing but would have a slightly different timings/jitter.
>
>
> Paul
>
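
An added example, not part of either message and not code from the ldns project: one way to do the comparison described above without a long grep, by dropping the DNSSEC record types from both zones and diffing what is left. It assumes one record per line with the owner name present and a numeric TTL; the function names and the sample zones are constructed for illustration.

```shell
# Added example. Assumed input: one RR per line, "owner [TTL] [class] type rdata".

# Print the non-DNSSEC records of the zone on stdin, normalised and sorted.
nondnssec_view() {
    awk '
        /^[ \t]*(;|\$|$)/ { next }          # comments, $ORIGIN/$TTL lines, blanks
        {
            t = 2                           # skip TTL and class to find the type
            while ($t ~ /^[0-9]+$/ || toupper($t) ~ /^(IN|CH|HS)$/) t++
            if (toupper($t) ~ /^(DNSKEY|RRSIG|NSEC|NSEC3|NSEC3PARAM)$/) next
            $1 = tolower($1)                # also collapses runs of whitespace
            print
        }' | LC_ALL=C sort -u
}

# Exit 0 when both zone files carry the same non-DNSSEC data; otherwise
# print a unified diff (first file on the "-" side) and exit 1.
same_zone_data() {
    tmp=$(mktemp -d) || return 2
    nondnssec_view < "$1" > "$tmp/a"
    nondnssec_view < "$2" > "$tmp/b"
    rc=0; diff -u "$tmp/a" "$tmp/b" || rc=$?
    rm -rf "$tmp"
    return "$rc"
}

# Constructed sample data: an unsigned zone and a signed copy of it.
sample_unsigned() {
    cat <<'EOF'
example.com. 3600 IN SOA ns1.example.com. hostmaster.example.com. 2014030401 3600 600 86400 3600
example.com. 3600 IN NS ns1.example.com.
ns1.example.com. 3600 IN A 192.0.2.53
www.example.com. 3600 IN A 192.0.2.80
EOF
}
sample_signed() {
    sample_unsigned
    cat <<'EOF'
example.com. 3600 IN DNSKEY 257 3 8 Q09OU1RSVUNURUQ=
example.com. 3600 IN RRSIG SOA 8 2 3600 20140403000000 20140304000000 12345 example.com. Q09OU1RSVUNURUQ=
example.com. 3600 IN NSEC ns1.example.com. NS SOA RRSIG NSEC DNSKEY
www.example.com. 3600 IN RRSIG A 8 3 3600 20140403000000 20140304000000 12345 example.com. Q09OU1RSVUNURUQ=
EOF
}

# Demo: the two views match once the DNSSEC types are removed.
d=$(mktemp -d); sample_unsigned > "$d/u"; sample_signed > "$d/s"
same_zone_data "$d/u" "$d/s" && echo "non-DNSSEC data identical"
rm -rf "$d"
```

A zone file that uses multi-line parenthesised records or inherited owner names needs to be flattened to one record per line first.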