+--On 14 mai 2012 14:45:30 +0200 Rickard Bellgrim <[email protected]> wrote: |> I am trying to set up automatic KSK rollover with OpenDNSSEC. If I use |> DelegationSignerSubmitCommand option |> for starting my external program, I am missing any information about key |> identifier relating to DNSKEY record, |> that should be subsequently used for key ds-seen. Although there is |> possibility to compute key_id manually, |> this is not ideal approach due to ambiguity. It would be useful to add |> CKA_ID in comment to DelegationSignerSubmitCommand |> parameter (if required in configuration). | | Yes, that is a drawback that you have to query the "key list" to get | the CKA_ID of the key in the correct state when there are duplicate | key tags.
It should be fairly rare to have a tag conflict for two keys on *one* zone, no ? -- Mathieu Arnold _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
