1TODO list as of zkt-0.99 2 3general: 4 Renaming to zkt-? and split of the functions of dnssec-zkt to 5 separate commands 6 Fixed in zkt-1.0 (zkt-conf command) 7 8dnssec-zkt: 9 feat option to specify the key age as remaining lifetime 10 (Option -i inverse age ?). 11 12dnssec-signer: 13 bug Distribute_Cmd wouldn't work properly on dynamic zones 14 (missing freeze, thaw; copy Keyfiles instead of signed zone file) 15 16 bug Automatic KSK rollover of dynamic zones will only work if the parent 17 uses the standard name for the signed zonefile (zonefile.db.signed). 18 19 bug Phase3 of manual ksk rollover do not trigger a resigning of the zone 20 (Key removal is not recognized by dosigning () function ) 21 22 bug There is no online checking of the key material by design. 23 The signer command checks the status of the key as they 24 are represented in the file system and not in the zone. 25 The dnssec maintainer is responsible for the lifeliness of the 26 data in the hosted domain. 27 In other words: It's highly recommended to use the 28 option -r when you use zkt-signer on a production zone. 29 Then the time of propagation is (more or less) equal to the timestamp 30 of the zone.db.signed file. 31 32 bug The max_TTL parameter should be set to the value found 33 in the zone. A mechanism for setting up a dnssec.conf file 34 for the zone specific TTL values is needed. 35 Fixed in zkt-1.0 (zkt-conf command) 36 37zkt-conf: 38 port Option -C (compability) to create older config files 39 misc Change syntax of config parameters to a more uniq form (e.g. no "_" char) 40 41zkt-rollover: 42 feat New command to roll keys independent of zone signing 43 (Usefull for dynamic zones managed by BIND9.7) 44 45dki: 46 feat Use dynamic memory for dname in dki_t 47