47 lines
1.6 KiB
Plaintext
47 lines
1.6 KiB
Plaintext
TODO list as of zkt-0.99
|
|
|
|
general:
|
|
Renaming to zkt-? and split of the functions of dnssec-zkt to
|
|
separate commands
|
|
Fixed in zkt-1.0 (zkt-conf command)
|
|
|
|
dnssec-zkt:
|
|
feat option to specify the key age as remaining lifetime
|
|
(Option -i inverse age ?).
|
|
|
|
dnssec-signer:
|
|
bug Distribute_Cmd wouldn't work properly on dynamic zones
|
|
(missing freeze, thaw; copy Keyfiles instead of signed zone file)
|
|
|
|
bug Automatic KSK rollover of dynamic zones will only work if the parent
|
|
uses the standard name for the signed zonefile (zonefile.db.signed).
|
|
|
|
bug Phase3 of manual ksk rollover do not trigger a resigning of the zone
|
|
(Key removal is not recognized by dosigning () function )
|
|
|
|
bug There is no online checking of the key material by design.
|
|
The signer command checks the status of the key as they
|
|
are represented in the file system and not in the zone.
|
|
The dnssec maintainer is responsible for the lifeliness of the
|
|
data in the hosted domain.
|
|
In other words: It's highly recommended to use the
|
|
option -r when you use zkt-signer on a production zone.
|
|
Then the time of propagation is (more or less) equal to the timestamp
|
|
of the zone.db.signed file.
|
|
|
|
bug The max_TTL parameter should be set to the value found
|
|
in the zone. A mechanism for setting up a dnssec.conf file
|
|
for the zone specific TTL values is needed.
|
|
Fixed in zkt-1.0 (zkt-conf command)
|
|
|
|
zkt-conf:
|
|
port Option -C (compability) to create older config files
|
|
misc Change syntax of config parameters to a more uniq form (e.g. no "_" char)
|
|
|
|
zkt-rollover:
|
|
feat New command to roll keys independent of zone signing
|
|
(Usefull for dynamic zones managed by BIND9.7)
|
|
|
|
dki:
|
|
feat Use dynamic memory for dname in dki_t
|