[ldns-users] ldns-read-zone -s does not strip DNSKEY
Willem Toorop
willem at nlnetlabs.nl
Tue Mar 4 22:17:59 UTC 2014
On 04-03-14 17:28, Paul Wouters wrote:
> On Tue, 4 Mar 2014, Emil Natan wrote:
>
>> "ldns-read-zone -s" does not strip the DNSKEY RRs, although the manual
>> states:
>> "Strip DNSSEC data from the zone. This option skips every record that
>> is of type NSEC, NSEC3, RRSIG or DNSKEY."
>
> That's a bug in the man page?
> I can see how someone might want to remove DNSKEYs, but then that
> should probably be a different option.

As of commit http://git.nlnetlabs.nl/ldns/commit/?h=develop&id=2e824311
this is fixed in the man page and ldns-read-zone has extra options to
exclude (or include) certain RR types.

To strip all NSEC, NSEC3, RRSIG *and* DNSKEY RRs, one can now do

    ldns-read-zone -s -e DNSKEY <zone>

which is equivalent to:

    ldns-read-zone -e NSEC -e NSEC3 -e RRSIG -e DNSKEY <zone>

-- Willem
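
A post-check for the stripping commands above, as an added example that is not part of the original message or of ldns: it reports which of the four DNSSEC RR types remain in zone text by looking only at each record's type field, so type names inside an NSEC bitmap or TXT rdata are not counted. The function names and the sample zone are constructed, and the input is assumed to be one RR per line as "owner [TTL] [class] type rdata".

```shell
#!/bin/sh
# Added example: detect DNSSEC RR types left in zone text read from stdin.
# Assumption: one RR per line, "owner [TTL] [class] type rdata".

# Prints "TYPE count" per remaining type (sorted); prints nothing if clean.
dnssec_rr_counts() {
    awk '
        /^[ \t]*(;|\$|$)/ { next }   # skip comments, $directives, blank lines
        {
            # Skip the owner, then optional TTL and class, to reach the type.
            for (i = 2; i <= NF; i++) {
                f = toupper($i)
                if (f ~ /^[0-9]+$/ || f == "IN" || f == "CH" || f == "HS") continue
                if (f == "NSEC" || f == "NSEC3" || f == "RRSIG" || f == "DNSKEY") n[f]++
                break                # never look into rdata
            }
        }
        END { for (t in n) print t, n[t] }
    ' | sort
}

# Exit status 0 when no NSEC, NSEC3, RRSIG or DNSKEY record is present.
zone_is_stripped() {
    [ -z "$(dnssec_rr_counts)" ]
}

# Constructed sample zone (placeholder key and signature data, not real).
sample_zone() {
    cat <<'EOF'
example.org. 3600 IN SOA ns.example.org. host.example.org. 1 7200 3600 1209600 3600
example.org. 3600 IN NS ns.example.org.
example.org. 3600 IN DNSKEY 257 3 8 PLACEHOLDERKEY ;{id = 1 (ksk), size = 2048b}
example.org. 3600 IN RRSIG NS 8 2 3600 20140401000000 20140304000000 1 example.org. PLACEHOLDERSIG
example.org. 3600 IN NSEC ns.example.org. NS SOA RRSIG NSEC DNSKEY
ns.example.org. 3600 IN A 192.0.2.1
EOF
}

# Show what is still present in the unstripped sample.
sample_zone | dnssec_rr_counts
```

Piping the output of either ldns-read-zone command above into zone_is_stripped gives a pass/fail status for scripts that publish or diff the unsigned zone.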