diff options
author | Martin Nagy <mnagy@redhat.com> | 2009-02-11 20:37:59 +0100 |
---|---|---|
committer | Martin Nagy <mnagy@redhat.com> | 2009-02-11 20:37:59 +0100 |
commit | f50ae72ec3417cae55dd4e085991c01af9fdc5f1 (patch) | |
tree | 0e36c9a3320f6d068df93d3ff6d84b821d23db40 /contrib/zkt/TODO | |
download | bind_dynamic-f50ae72ec3417cae55dd4e085991c01af9fdc5f1.tar.gz bind_dynamic-f50ae72ec3417cae55dd4e085991c01af9fdc5f1.tar.xz bind_dynamic-f50ae72ec3417cae55dd4e085991c01af9fdc5f1.zip |
Initial commitstart
Diffstat (limited to 'contrib/zkt/TODO')
-rw-r--r-- | contrib/zkt/TODO | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/contrib/zkt/TODO b/contrib/zkt/TODO new file mode 100644 index 0000000..fc53210 --- /dev/null +++ b/contrib/zkt/TODO @@ -0,0 +1,37 @@ +TODO list as of zkt-0.97 + +general: + Renaming of the tools to zkt-* ? + +dnssec-zkt: + feat option to specify the key age as remaining lifetime + (Option -i inverse age ?) As of v0.95 the key lifetime + is stored at the key itself, so this could be possibly + implemented without big effort(?). + +dnssec-signer: + bug Distribute_Cmd will not work properly on dynamic zones + + bug Automatic KSK rollover of dynamic zones will only work if the parent + uses the standard name for the signed zonefile (zonefile.db.signed). + + bug Phase3 of manual ksk rollover do not trigger a resigning of the zone + (Key removal is not recognized by dosigning () function ) + + bug There is no online checking of the key material by design. + So the signer command checks the status of the key as they + are represented in the file system and not in the zone. + The dnssec maintainer is responsible for the lifeliness of the + data in the hosted domain. + In other words: It's highly recommended to use the + option -r when you use dnssec-signer on a production zone. + Then the time of propagation is (more or less) equal to the timestamp + of the zone.db.signed file. + + bug The max_TTL and Key_TTL parameter should be set to the value found + in the zone. A mechanism for setting up a dnssec.conf file for the + zone specific TTL values is needed. + +dki: + feat Use dynamic memory for dname in dki_t + |