git.ipfire.org Git - thirdparty/bind9.git/commit

author	Matthijs Mekking <matthijs@isc.org>
	Tue, 3 Sep 2024 15:24:22 +0000 (17:24 +0200)
committer	Matthijs Mekking <matthijs@isc.org>
	Fri, 1 Nov 2024 14:50:16 +0000 (15:50 +0100)
commit	680aedb595917868118bf312834fc388787c5b4e
tree	1390bd57bf51ca620f7718143d91c68808f890ab	tree \| snapshot
parent	01169b7ffc442499244c88526ff95f54f2579106	commit \| diff

dnssec-ksr keygen -o to create KSKs

Add an option to dnssec-ksr keygen, -o, to create KSKs instead of ZSKs.
This way, we can create a set of KSKS for a given period too.

For KSKs we also need to set timing metadata, including "SyncPublish"
and "SyncDelete". This functionality already exists in keymgr.c so
let's make the function accessible.

Replace dnssec-keygen calls with dnssec-ksr keygen for KSK in the
ksr system test and check keys for created KSKs as well. This requires
a slight modification of the check_keys function to take into account
KSK timings and metadata.

bin/dnssec/dnssec-ksr.c		diff \| blob \| blame \| history
bin/dnssec/dnssec-ksr.rst		diff \| blob \| blame \| history
bin/tests/system/ksr/tests_ksr.py		diff \| blob \| blame \| history
lib/dns/include/dns/keymgr.h		diff \| blob \| blame \| history
lib/dns/keymgr.c		diff \| blob \| blame \| history