
new: usr: Support for Offline KSK implemented

Matthijs Mekking requested to merge 1128-offline-ksk-rndc-import-skr into main

Add a new configuration option offline-ksk to enable Offline KSK key management. Signed Key Response (SKR) files created with dnssec-ksr (or another program) can now be imported into named with the new rndc skr -import command. Rather than creating new DNSKEY, CDS and CDNSKEY records and generating signatures covering these types, these records are loaded from the currently active bundle from the imported SKR.

The implementation is loosely based on: https://www.iana.org/dnssec/archive/files/draft-icann-dnssec-keymgmt-01.txt

Closes #1128 (closed)

Edited by Matthijs Mekking
