[Pdns-users] knowing the DNSKEY
Peter van Dijk
peter.van.dijk at netherlabs.nl
Tue Aug 20 08:02:43 UTC 2013
Hello Gilles,
On Aug 20, 2013, at 9:31 , Gilles Massen wrote:
> For our provisioning system I need to know the DNSKEY of a zone quickly
> after the zone has been created (ideally the DS...). When assigning a
> key to a domain (in the DB backend), it takes a few seconds before
> PowerDNS actually serves the DNSKEY. What is the maximum delay for the
> DNSKEY to show up?
Unless you queried the DNSKEY before you created the zone, I don't really
see a reason for there to be any delay. Can you describe your exact steps?
Specifically, how are you creating the keys?
> Having the cryptokey entry, would it be easy to compute the DNSKEY,
> without help from PowerDNS? I must confess that I couldn't figure it out
> from the sources...
It's an algorithm-dependent crypto operation - I would recommend against doing
it yourself. However, be aware that 'pdnssec show-zone' will give you both DNSKEY
and DS, and will work immediately after creating the keys.
Kind regards,
--
Peter van Dijk
Netherlabs Computer Consulting BV - http://www.netherlabs.nl/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20130820/97d17818/attachment-0001.sig>
More information about the Pdns-users
mailing list