Re: Root Zone DNSSEC Deployment Technical Status Update

[Bjørn Mork <bjorn () mork no>]

Jeffrey Ollie <jeff () ocjtech us> writes:
> On Fri, Jul 16, 2010 at 1:12 PM, Joel Jaeggli <joelja () bogus com> wrote:
> > On 7/16/10 11:07 AM, Tony Finch wrote:
> > > On Fri, 16 Jul 2010, Chris Adams wrote:
> > > > A simple XSLT will transform it into any needed format.
> > >
> > > XSLT can't turn root-anchors.xml into the DNSKEY RR that BIND requires.
> >
> > anchors2keys will.
>
> Actually, it won't.  The ITAR anchors.xml and anchors2keys use a
> different XML schema than the root-anchors.xml does.

Just for the fun of it, I explored how difficult it would be
implementing something similar in perl using the excellent Net::DNS::SEC
module.  It was really simple: http://www.mork.no/~bjorn/rootanchor2keys.pl
Ugly as hell as usual with my perl code, but it works. And it is simple
enough to be verifiable.

You will need Net::DNS::SEC and XML::Simple from CPAN or your friendly
OS distribution (libnet-dns-sec-perl and libxml-simple-perl in Debian)



Bjørn