Improve readability of 'rndc dnssec -status'
The output of rndc dnssec -status
can be quite difficult to read.
- The states "omnipresent", "unretentive", etc don't mean much to users. Some users for example think BIND is stuck because the DS stays in
"rumoured" state, while in fact BIND is waiting to be signaled that the DS is published (with
rndc dnssec -checkds
or through parental agents. - Perhaps the states shouldn't be printed at all, except when a to be implemented new argument is added,
-v
for verbose output. - "key signing:" sounds like it is signing the DNSKEY RRset, "signing:" might be better.
- The additional blank line within each key block makes it actually more difficult to read, perhaps only have newline breaks between each key block.
- With many keys, sorting may be useful. Sort on rollover due/scheduled date and group keys by their role (CSK, KSK, ZSK).