summaryrefslogtreecommitdiff
path: root/contrib/zkt/TODO
blob: 12abdb059b56f4fdd4db13294d7a6fead3063a27 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
TODO list as of zkt-0.99

general:
	Renaming of the tools to zkt-* ? 

dnssec-zkt:
 feat	option to specify the key age as remaining lifetime
	(Option -i inverse age ?).

dnssec-signer:
 bug	Distribute_Cmd wouldn't work properly on dynamic zones
 	(missing freeze, thaw; copy Keyfiles instead of signed zone file)

 bug	Automatic KSK rollover of dynamic zones will only work if the parent
 	uses the standard name for the signed zonefile (zonefile.db.signed).

 bug	Phase3 of manual ksk rollover do not trigger a resigning of the zone
 	(Key removal is not recognized by dosigning () function )

 bug	There is no online checking of the key material by design.
 	The signer command checks the status of the key as they
	are represented in the file system and not in the zone.
	The dnssec maintainer is responsible for the lifeliness of the
	data in the hosted domain.
	In other words: It's highly recommended to use the
	option -r when you use dnssec-signer on a production zone.
	Then the time of propagation is (more or less) equal to the timestamp
	of the zone.db.signed file.

 bug	The max_TTL and Key_TTL parameter should be set to the value found
 	in the zone. A mechanism for setting up a dnssec.conf file for the
	zone specific TTL values is needed.

dki:
 feat	Use dynamic memory for dname in dki_t