[ldns-users] ldns-read-zone -s does not strip DNSKEY
Emil Natan
shlyoko at gmail.com
Wed Mar 5 07:23:31 UTC 2014
Hi Willem,
Thank you very much for both updates.
I presume "-e" stands once for "exit" and once for "exclude", but I want to
believe it actually stands for "Emil" ;-)
ena
On Wed, Mar 5, 2014 at 12:17 AM, Willem Toorop <willem at nlnetlabs.nl> wrote:
> op 04-03-14 17:28, Paul Wouters schreef:
> > On Tue, 4 Mar 2014, Emil Natan wrote:
> >
> >> "ldns-read-zone -s" does not strip the DNSKEY RRs, although the manual
> >> states:
> >> "Strip DNSSEC data from the zone. This option skips every record that
> >> is of type NSEC, NSEC3, RRSIG or DNSKEY."
> >
> > That's a bug in the man page?
>
> > I can see how someone might want to remove DNSKEY's, but than that
> > should probably be a different option.
>
> As of commit http://git.nlnetlabs.nl/ldns/commit/?h=develop&id=2e824311
> this is fixed in the man page and ldns-read-zone has extra options to
> exclude (or include) certain RR types.
>
> To strip all NSEC, NSEC3, RRSIG *and* DNSKEY RRs, one can now do
>
> ldns-read-zone -s -e DNSKEY <zone>
>
> which is equivalent with:
>
> ldns-read-zone -e NSEC -e NSEC3 -e RRSIG -e DNSKEY <zone>
>
> -- Willem
>
> _______________________________________________
> ldns-users mailing list
> ldns-users at open.nlnetlabs.nl
> http://open.nlnetlabs.nl/mailman/listinfo/ldns-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nlnetlabs.nl/pipermail/ldns-users/attachments/20140305/98fbffc2/attachment.htm>
More information about the ldns-users
mailing list