Root Zone DNSSEC Deployment Technical Status Update
bjorn at mork.no
Thu Jul 22 07:16:00 CDT 2010
Jeffrey Ollie <jeff at ocjtech.us> writes:
> On Fri, Jul 16, 2010 at 1:12 PM, Joel Jaeggli <joelja at bogus.com> wrote:
>> On 7/16/10 11:07 AM, Tony Finch wrote:
>>> On Fri, 16 Jul 2010, Chris Adams wrote:
>>>> A simple XSLT will transform it into any needed format.
>>> XSLT can't turn root-anchors.xml into the DNSKEY RR that BIND requires.
>> anchors2keys will.
> Actually, it won't. The ITAR anchors.xml and anchors2keys use a
> different XML schema than the root-anchors.xml does.
Just for the fun of it, I explored how difficult it would be
implementing something similar in perl using the excellent Net::DNS::SEC
module. It was really simple: http://www.mork.no/~bjorn/rootanchor2keys.pl
Ugly as hell as usual with my perl code, but it works. And it is simple
enough to be verifiable.
You will need Net::DNS::SEC and XML::Simple from CPAN or your friendly
OS distribution (libnet-dns-sec-perl and libxml-simple-perl in Debian)
More information about the NANOG