[ Quoting <[email protected]> at 15:37 on Mar 12 in "Re: [Opendnssec-user..." ] > >>leading in this screen? > > > >Huh? What exactly is the problem here? I just use the CKA_ID in > >dnssec-keyfromlabel and that works very nicely. > > I don't parse the output of dnssec-keyfromlabel, as I "know" what the > Kfile name will be, based on keytag and algo. That also ensures that I > am using the algo and key options I think I am, and that it will fail > to include a wrong key if some bit flips and the keytag would change. > (such as changing an nsec3 optin flag :)
Ok. But how do you handle key-id collisions? > (other people might prefer to read a load of xml from /etc/opendnssec/ > but that's exactly why my script is 20 lines and ods4bind is several > hunderd lines :) My personal ods2bind solution (in Perl) is indeed somewhat longer than 20 lines (but not several hundred either) grtz Miek
signature.asc
Description: Digital signature
_______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
