[ldns-users] using ldns-revoke
A. Schulze
sca at andreasschulze.de
Mon May 21 14:56:35 UTC 2018
Hello,
I would like to understand the revoked state of a key. As far as I have learned, I could set a flag in a DNSSEC key to mark that key as revoked.
That's what ldns-revoke does.
But what now? Should I publish the revoked key as self-signed? Which tools may I use?
My workflow (without ZSKs) is as follows:
- take plain, unsigned zone data
- append DNSKEY data
- sign with the private key
- publish the signed zone
On key rollover I have to append two keys' DNSKEY data, one with the revoke bit set.
But it isn't self-signed automatically.
????
Andreas