On 2 jun 2014, at 13:15, Emil Natan <[email protected]> wrote: > I use ods-ksmutil key list to obtain the CKA_ID for all keys for a zone, then > dnssec-keyfromlabel to create the files with metadata for these keys, store > the files in a temp directory and then I use dnssec-signzone (-S) to actually > sign the zone. For the most simple scenario when there are only two active > keys, ZSK and KSK, I run dnssec-keyfromlabel twice with different options to > correctly create the ZSK and KSK files. In the middle of rollover or when > using stand-by keys, I use dnssec-keyfromlabel few times, to create all > needed key files. >
You should probably take a look at https://github.com/opendnssec/ods4bind jakob _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
