From: Matthijs Mekking <matthijs@isc.org>
Date: Thu, 22 Aug 2024 07:15:00 +0000 (+0000)
Subject: new: usr: Support for Offline KSK implemented
X-Git-Tag: v9.21.1~23
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bfa206beeccabb7d9ba4912edd98d4223b9e6556;p=thirdparty%2Fbind9.git

new: usr: Support for Offline KSK implemented

Add a new configuration option `offline-ksk` to enable Offline KSK key management. Signed Key Response (SKR) files created with `dnssec-ksr` (or other program) can now be imported into `named` with the new `rndc skr -import` command. Rather than creating new DNSKEY, CDS and CDNSKEY records and generating signatures covering these types, these records are loaded from the currently active bundle from the imported SKR.

The implementation is loosely based on: https://www.iana.org/dnssec/archive/files/draft-icann-dnssec-keymgmt-01.txt

Closes #1128

Merge branch '1128-offline-ksk-rndc-import-skr' into 'main'

Closes #1128

See merge request isc-projects/bind9!9119
---

bfa206beeccabb7d9ba4912edd98d4223b9e6556