Root Zone DNSSEC Deployment Technical Status Update

Bjørn Mork bjorn at
Thu Jul 22 07:16:00 CDT 2010

Jeffrey Ollie <jeff at> writes:
> On Fri, Jul 16, 2010 at 1:12 PM, Joel Jaeggli <joelja at> wrote:
>> On 7/16/10 11:07 AM, Tony Finch wrote:
>>> On Fri, 16 Jul 2010, Chris Adams wrote:
>>>> A simple XSLT will transform it into any needed format.
>>> XSLT can't turn root-anchors.xml into the DNSKEY RR that BIND requires.
>> anchors2keys will.
> Actually, it won't.  The ITAR anchors.xml and anchors2keys use a
> different XML schema than the root-anchors.xml does.

Just for the fun of it, I explored how difficult it would be
implementing something similar in perl using the excellent Net::DNS::SEC
module.  It was really simple:
Ugly as hell as usual with my perl code, but it works. And it is simple
enough to be verifiable.

You will need Net::DNS::SEC and XML::Simple from CPAN or your friendly
OS distribution (libnet-dns-sec-perl and libxml-simple-perl in Debian)


More information about the NANOG mailing list