Skip to content

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
    • Help
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
BIND
BIND
  • Project
    • Project
    • Details
    • Activity
    • Releases
    • Cycle Analytics
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
    • Charts
  • Issues 249
    • Issues 249
    • List
    • Board
    • Labels
    • Milestones
  • Merge Requests 46
    • Merge Requests 46
  • CI / CD
    • CI / CD
    • Pipelines
    • Jobs
    • Schedules
    • Charts
  • Registry
    • Registry
  • Wiki
    • Wiki
  • Snippets
    • Snippets
  • Members
    • Members
  • Collapse sidebar
  • Activity
  • Graph
  • Charts
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
  • ISC Open Source Projects
  • BINDBIND
  • Issues
  • #853

Closed
Open
Opened Jan 31, 2019 by Evan Hunt@each
  • Report abuse
  • New issue
Report abuse New issue

dnssec-dsfromkey doesn't omit revoked KSK

I noticed in passing that if you run dnssec-dsfromkey on an arbitrary DNSKEY RRset, it'll convert all keys with a SEP bit into DS records, including the revoked keys, which is probably not wanted. (dig dnskey nuthaven.org | dnssec-dsfromkey -f - nuthaven.org to demonstrate.)

Maybe we want to include revoked keys if using the -A option (which means all keys, not omitting ZSKs), but I think not by default.

Assignee
Assign to
None
Milestone
None
Assign milestone
Time tracking
None
Due date
No due date
1
Labels
Bug
Assign labels
  • View project labels
Reference: isc-projects/bind9#853