
[9.20] new: usr: Support for Offline KSK implemented

Add a new configuration option offline-ksk to enable Offline KSK key management. Signed Key Response (SKR) files created with dnssec-ksr (or another program) can now be imported into named with the new rndc skr -import command. Rather than creating new DNSKEY, CDS and CDNSKEY records and generating signatures covering these types, these records are loaded from the currently active bundle from the imported SKR.

The implementation is loosely based on: https://www.iana.org/dnssec/archive/files/draft-icann-dnssec-keymgmt-01.txt

Closes #1128 (closed)

Backport of MR !9119 (merged)
