On Tue, 1 Feb 2011, Torinthiel wrote:
To clarify things, I'm using BIND 9.7.2-P2. First is about input file: you can specify on the command line either the signed version of the zone, or the unsigned one. What I'd like to do, however, is to use both. The unsigned zone is much more readable, and can contain $INCLUDE directives, which makes modification easier. But specifying the signed zone has the added benefit of reusing existing signatures, thus saving on computation time (not that I have a lot to save on ;). So, I'd like dnssec-signzone to take 'normal' records from the non-signed zone, try to reuse RRSIG records as much as possible, taking them from the signed zone, and write the result.
See ldns-read-zone -d (data without sigs) and ldns-read-zone -s (sigs only) combined with -n (don't print SOA) for one of them. Basically run the signed zone through ldns-read-zone -s, concatenate it with your unsigned zone, and run it through dnssec-signzone.

Paul