[ldns-users] using ldns-revoke

A. Schulze sca at andreasschulze.de
Mon May 21 14:56:35 UTC 2018


I'd like to understand the revoked state of a key. As far as I learned, I could set a flag in a DNSSEC key to mark that key as revoked.
That's what ldns-revoke does.

But what now? Should I publish the revoked key as self-signed? Which tools may I use?

My workflow (without ZSKs) is as follows:

- take plain, unsigned zone data
- append DNSKEY data
- sign with the private key
- publish the signed zone

On key rollover I have to append two keys' DNSKEY data, one with the revoke bit set,
but it isn't self-signed automatically.
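Added example, not part of the original post and not ldns code: it shows what setting the revoke bit actually changes on the record and why the revoked key then needs its own signature. RFC 5011 (section 2.1) says a validator only honours a revoked key if the DNSKEY RRset carries an RRSIG made by that revoked key, and because the flags field is part of the key tag computation (RFC 4034 Appendix B), the tag changes when the bit is set, so an RRSIG made before revocation no longer identifies the key. The sample keys below are constructed placeholders (a byte pattern, not a real ECDSA point); `revoked_keys_without_self_signature` is a hypothetical check name.

```python
import base64
import struct
from dataclasses import dataclass, replace

# DNSKEY flag bits (RFC 4034 section 2.1.1; REVOKE from RFC 5011 section 3)
ZONE = 0x0100
REVOKE = 0x0080
SEP = 0x0001


@dataclass(frozen=True)
class Dnskey:
    owner: str
    flags: int
    protocol: int
    algorithm: int
    pubkey: bytes

    def rdata(self) -> bytes:
        """Wire-format RDATA: flags(2) | protocol(1) | algorithm(1) | public key."""
        return struct.pack("!HBB", self.flags, self.protocol, self.algorithm) + self.pubkey

    def key_tag(self) -> int:
        """Key tag per RFC 4034 Appendix B (for algorithms other than RSA/MD5)."""
        ac = 0
        for i, b in enumerate(self.rdata()):
            ac += b if i & 1 else b << 8
        ac += (ac >> 16) & 0xFFFF
        return ac & 0xFFFF

    def is_revoked(self) -> bool:
        return bool(self.flags & REVOKE)

    def presentation(self) -> str:
        b64 = base64.b64encode(self.pubkey).decode()
        return f"{self.owner} IN DNSKEY {self.flags} {self.protocol} {self.algorithm} {b64}"


def parse_dnskey(rr: str) -> Dnskey:
    """Parse 'owner [TTL] IN DNSKEY flags proto alg base64...' (base64 may be space-split)."""
    fields = rr.split()
    idx = fields.index("DNSKEY")
    flags, proto, alg = (int(x) for x in fields[idx + 1:idx + 4])
    pubkey = base64.b64decode("".join(fields[idx + 4:]))
    return Dnskey(fields[0], flags, proto, alg, pubkey)


def revoke(key: Dnskey) -> Dnskey:
    """Set the REVOKE bit, which is what marking a key revoked means on the wire.
    Nothing else in the RDATA changes, but the key tag does."""
    return replace(key, flags=key.flags | REVOKE)


def revoked_keys_without_self_signature(keys, rrsig_signer_tags):
    """RFC 5011 section 2.1 check (hypothetical helper): every revoked key in the DNSKEY
    RRset must have an RRSIG made by itself. Returns the tags of revoked keys for which
    no RRSIG with that key tag is present."""
    return [k.key_tag() for k in keys
            if k.is_revoked() and k.key_tag() not in rrsig_signer_tags]


# Constructed sample KSKs (flags 257 = ZONE|SEP, algorithm 13); the public key bytes are
# placeholder patterns, not real keys.
SAMPLE_KSK = Dnskey("example.", ZONE | SEP, 3, 13, bytes(range(64)))
NEW_KSK = Dnskey("example.", ZONE | SEP, 3, 13, bytes(range(64, 128)))

if __name__ == "__main__":
    old = parse_dnskey(SAMPLE_KSK.presentation())
    revoked = revoke(old)
    print(old.presentation(), "; tag", old.key_tag())
    print(revoked.presentation(), "; tag", revoked.key_tag())
    # Rollover RRset: revoked old key plus new key, but only the new key signed it
    # (constructed signer tag set), so the revoked key lacks its required self-signature.
    print(revoked_keys_without_self_signature([revoked, NEW_KSK], {NEW_KSK.key_tag()}))
```

Run it and compare the two tags: the revoked record's tag differs from the original by the value of the REVOKE bit, so an RRSIG over the DNSKEY RRset must be generated again with the revoked key itself (in addition to the new key's signature) before the RRset is published.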


