
mod-authsignal: implementation, docs, tests

This module is able to synthesize records for automatic DNSSEC bootstrapping (draft-ietf-dnsop-dnssec-bootstrapping). We'd like to use this at deSEC, and it would be great if it would not require a manual build.

Some notes:

  • Not being a big C coder, I'm not sure if I forgot to free any memory. (I don't think so, and there are only a few assignments, but please check.)
  • I'm not sure if authsignal is the best name for this module. Perhaps domainsignal, to retain openness for other (configurable) uses later on? (e.g. https://datatracker.ietf.org/doc/draft-thomassen-dnsop-mske/)
  • I tried coming up with tests, and hope you'll have a better feeling whether those are enough.

(Another thing to ponder: As Knot DNS is very strong on CDS/CDNSKEY automation, it might make sense to have this enabled by default for the nameserver's domain name. But I guess the server usually doesn't know its name ... does it?)


Thanks to Joeri de Ruiter for coding support.
