Subject: CDS & CDNSKEY integration with in-line signing
From: Petr Spacek
Organization: Red Hat
To: bind-suggest@isc.org
Date: Wed, 05 Nov 2014 17:43:45 +0100
Message-ID: <545A53C1.7010100@redhat.com>

Hello,

I have seen that support for CDS and CDNSKEY resource record types was added to BIND 9.10.

It would be great if in-line signing could automatically add/manage CDS/CDNSKEY records according to timestamps in the key files. I suspect that it could be a zone-knob like

child-dnssec-sync: none | ds | dnskey | both;

or something like that.

Have a nice day!

-- 
Petr Spacek @ Red Hat