Root Zone DNSSEC Deployment Technical Status Update

Bjørn Mork bjorn at mork.no
Thu Jul 22 12:16:00 UTC 2010


Jeffrey Ollie <jeff at ocjtech.us> writes:
> On Fri, Jul 16, 2010 at 1:12 PM, Joel Jaeggli <joelja at bogus.com> wrote:
>> On 7/16/10 11:07 AM, Tony Finch wrote:
>>>
>>> On Fri, 16 Jul 2010, Chris Adams wrote:
>>>>
>>>> A simple XSLT will transform it into any needed format.
>>>
>>> XSLT can't turn root-anchors.xml into the DNSKEY RR that BIND requires.
>>
>> anchors2keys will.
>
> Actually, it won't.  The ITAR anchors.xml and anchors2keys use a
> different XML schema than the root-anchors.xml does.

Just for the fun of it, I explored how difficult it would be
implementing something similar in perl using the excellent Net::DNS::SEC
module.  It was really simple: http://www.mork.no/~bjorn/rootanchor2keys.pl
Ugly as hell as usual with my perl code, but it works. And it is simple
enough to be verifiable.

You will need Net::DNS::SEC and XML::Simple from CPAN or your friendly
OS distribution (libnet-dns-sec-perl and libxml-simple-perl in Debian)



Bjørn




More information about the NANOG mailing list