[127994] in North American Network Operators' Group
Re: Root Zone DNSSEC Deployment Technical Status Update
daemon@ATHENA.MIT.EDU (=?utf-8?Q?Bj=C3=B8rn_Mork?=)
Thu Jul 22 08:16:48 2010
From: =?utf-8?Q?Bj=C3=B8rn_Mork?= <bjorn@mork.no>
To: Jeffrey Ollie <jeff@ocjtech.us>
Date: Thu, 22 Jul 2010 14:16:00 +0200
In-Reply-To: <AANLkTimKbJ2cfzhCSN8oEENRW04TCgujjIhLJYxWl7Mo@mail.gmail.com>
(Jeffrey Ollie's message of "Fri, 16 Jul 2010 19:34:54 -0500")
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Jeffrey Ollie <jeff@ocjtech.us> writes:
> On Fri, Jul 16, 2010 at 1:12 PM, Joel Jaeggli <joelja@bogus.com> wrote:
>> On 7/16/10 11:07 AM, Tony Finch wrote:
>>>
>>> On Fri, 16 Jul 2010, Chris Adams wrote:
>>>>
>>>> A simple XSLT will transform it into any needed format.
>>>
>>> XSLT can't turn root-anchors.xml into the DNSKEY RR that BIND requires.
>>
>> anchors2keys will.
>
> Actually, it won't. The ITAR anchors.xml and anchors2keys use a
> different XML schema than the root-anchors.xml does.
Just for the fun of it, I explored how difficult it would be
implementing something similar in perl using the excellent Net::DNS::SEC
module. It was really simple: http://www.mork.no/~bjorn/rootanchor2keys.pl
Ugly as hell as usual with my perl code, but it works. And it is simple
enough to be verifiable.
You will need Net::DNS::SEC and XML::Simple from CPAN or your friendly
OS distribution (libnet-dns-sec-perl and libxml-simple-perl in Debian)
Bj=C3=B8rn
