Add a new configuration option `offline-ksk` to enable Offline KSK key management. Signed Key Response (SKR) files created with `dnssec-ksr` (or other program) can now be imported into `named` with the new `rndc skr -import` command. Rather than creating new DNSKEY, CDS and CDNSKEY records and generating signatures covering these types, these records are loaded from the currently active bundle from the imported SKR.
The implementation is loosely based on: https://www.iana.org/dnssec/archive/files/draft-icann-dnssec-keymgmt-01.txt
Closes #1128
Merge branch '1128-offline-ksk-rndc-import-skr' into 'main'
Closes #1128
See merge request isc-projects/bind9!9119
projects / thirdparty / bind9.git / commitdiff
