blob: 12abdb059b56f4fdd4db13294d7a6fead3063a27 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
|
TODO list as of zkt-0.99
general:
Renaming of the tools to zkt-* ?
dnssec-zkt:
feat option to specify the key age as remaining lifetime
(Option -i inverse age ?).
dnssec-signer:
bug Distribute_Cmd wouldn't work properly on dynamic zones
(missing freeze, thaw; copy Keyfiles instead of signed zone file)
bug Automatic KSK rollover of dynamic zones will only work if the parent
uses the standard name for the signed zonefile (zonefile.db.signed).
bug Phase3 of manual ksk rollover do not trigger a resigning of the zone
(Key removal is not recognized by dosigning () function )
bug There is no online checking of the key material by design.
The signer command checks the status of the key as they
are represented in the file system and not in the zone.
The dnssec maintainer is responsible for the lifeliness of the
data in the hosted domain.
In other words: It's highly recommended to use the
option -r when you use dnssec-signer on a production zone.
Then the time of propagation is (more or less) equal to the timestamp
of the zone.db.signed file.
bug The max_TTL and Key_TTL parameter should be set to the value found
in the zone. A mechanism for setting up a dnssec.conf file for the
zone specific TTL values is needed.
dki:
feat Use dynamic memory for dname in dki_t
|