Hi,
When using an HSM and attempting to get the public key in a format for
bind, I noticed that ods-hsmutil dnskey always writes the DNSKEY record
as a ZSK, even if the KSK was specified.
I think this might be a "default" and that there is no communication
between listing the keys in ods/hsm using:
ods-ksmutil key list --verbose
which will get the keytag and CKA_ID, and:
ods-hsmutil dnskey <CKA_ID> <zonename>
which will create the DNSKEY record in bind's .key format.
Perhaps there could be a unifying command that does remember this?
Paul
_______________________________________________
Opendnssec-user mailing list
[email protected]
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
