Hello Maik, > The current version of the format is 1.3, but BIND accepts 1 point anything
Newer versions of `dnssec-keygen' generate a 1.3 version unless option `-C' is used, in which case a version 1.2 is created: Compatibility mode: generates an old-style key, without any metadata. By default, dnssec-keygen will include the key's creation date in the metadata stored with the private key, and other dates may be set there as well (publication date, activation date, etc). Keys that include this data may be incompatible with older versions of BIND; the -C option suppresses them. > In my opinion, the ldns parser should be adjusted to work the same way. You're probably right, but seeing ldns came first, their authors may be reluctant to add some flexibility to it. :-) As an aside, and FWIW, neither Net::DNS nor ldns (both by NLnetlabs) support the 1.3 format. This issue isn't terribly important, but I thought I'd point it out before the release of PowerDNSSEC. -JP _______________________________________________ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users