[Pdns-users] Format of private keys in PowerDNSSEC (gmysql) doesn't correspond to BIND's
Jan-Piet Mens
jp at mens.de
Thu Feb 24 17:49:15 UTC 2011
Hello Maik,
> The current version of the format is 1.3, but BIND accepts 1 point anything
Newer versions of `dnssec-keygen' generate a 1.3 version unless option
`-C' is used, in which case a version 1.2 is created:
    Compatibility mode: generates an old-style key, without any
    metadata. By default, dnssec-keygen will include the key's
    creation date in the metadata stored with the private key, and
    other dates may be set there as well (publication date,
    activation date, etc). Keys that include this data may be
    incompatible with older versions of BIND; the -C option
    suppresses them.
> In my opinion, the ldns parser should be adjusted to work the same way.
You're probably right, but seeing ldns came first, their authors may be
reluctant to add some flexibility to it. :-) As an aside, and FWIW,
neither Net::DNS nor ldns (both by NLnetlabs) support the 1.3 format.
This issue isn't terribly important, but I thought I'd point it out
before the release of PowerDNSSEC.
-JP
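
Added example, not part of the original message and not code from BIND, ldns or PowerDNS: a minimal Python parser for the private key file header discussed above, showing a lenient check (accept any v1.x and set the timing metadata aside) next to a strict one that only knows v1.2. The field spellings `Created`, `Publish` and `Activate` and the sample key values are assumptions constructed for illustration.

```python
import re

# Constructed sample inputs (placeholder values, not real key material).
V12_KEY = """Private-key-format: v1.2
Algorithm: 8 (RSASHA256)
Modulus: AAAA
PublicExponent: AQAB
PrivateExponent: BBBB
"""
V13_KEY = V12_KEY.replace("v1.2", "v1.3") + """Created: 20110224174915
Publish: 20110224174915
Activate: 20110224174915
"""

# Timing metadata stored with the key unless -C is used
# (field spellings are an assumption for this example).
METADATA_FIELDS = {"Created", "Publish", "Activate"}


def parse_private_key(text, strict_minor=None):
    """Return (minor_version, key_fields, metadata) for a key file.

    strict_minor=None accepts any v1.x, the lenient behaviour.
    strict_minor=2 models a parser that only knows v1.2.
    """
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    if not lines:
        raise ValueError("empty key file")
    m = re.fullmatch(r"Private-key-format:\s*v(\d+)\.(\d+)", lines[0])
    if not m:
        raise ValueError("missing Private-key-format header")
    major, minor = int(m.group(1)), int(m.group(2))
    if major != 1:
        raise ValueError(f"unsupported major version {major}")
    if strict_minor is not None and minor != strict_minor:
        raise ValueError(f"unsupported format v{major}.{minor}")
    fields, metadata = {}, {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed line: {line!r}")
        # Metadata is kept apart so the key material parses the same
        # way for v1.2 and v1.3 files.
        target = metadata if name.strip() in METADATA_FIELDS else fields
        target[name.strip()] = value.strip()
    return minor, fields, metadata
```

With the lenient check, a v1.3 file yields the same key fields as its v1.2 counterpart; with `strict_minor=2` the v1.3 file is rejected at the header.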