On Friday, 3 February 2023 at 06:34 (-0500), Genes Lists wrote:
On 2/3/23 05:03, ogarcia@moire.org wrote:
I don't suppose you have a similar replacement for my other dependency on the bind package, dnssec-signzone?
As a command I personally do not know of any replacement. But if you simply use `dnssec-signzone` to check the DNSSEC status of a domain you can pull online tools like https://dnssec-analyzer.verisignlabs.com/ (not that it is the best, but it is something).
I use dnssec to sign domains and I am using ldns to do the leg work (key creating, zone signing). ldns may have what you want.
Thanks! I'll check out ldns and roll it's signing utility into my own hacky script for automatically resigning and deploying DNSSEC/TLSA ;) Then pacman -Rs bind... Jaron