Maintained by: NLnet Labs

[Unbound-users] suggestion for ldns-dane

A. Schulze
Tue Sep 30 14:47:35 CEST 2014


Maybe it's a little bit off topic, but I think it's interesting anyway.
ldns-dane as part of
allows users to create TLSA records. By default the tool creates 3-0-1 records:

$ ldns-dane -c create 25 3600 IN TLSA 3 0 1 cafe...

Today I learned from Viktor Dukhovni it's strongly recommended to use
TLSA records of type 3-1-1 (Selector = SubjectPublicKeyInfo).

To generate recommended records I have to specify additional arguments:
$ ldns-dane -c create 25 3 1 1 3600 IN TLSA 3 1 1 beef...

Would it be possible to modify ldns-dane to simply create
the record in a recommended way?
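
Added example (not part of the original post, and not ldns-dane's code): how the certificate association data for 3 0 1 and 3 1 1 records is derived. It uses a constructed, unsigned certificate-shaped DER blob, and the helper names `der`, `read_tlv`, `spki_of`, `tlsa_rdata` and `fake_cert` are illustrative. With selector 1 the digest covers only the SubjectPublicKeyInfo, so it does not change when a certificate is reissued with the same key.

```python
import hashlib

def der(tag, body):
    """Encode one DER TLV with a definite length."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + body

def read_tlv(buf, pos):
    """Return (tag, value_start, end) for the TLV starting at pos."""
    tag, first = buf[pos], buf[pos + 1]
    start, n = pos + 2, first
    if first >= 0x80:                      # long-form length
        start = pos + 2 + (first & 0x7F)
        n = int.from_bytes(buf[pos + 2:start], "big")
    if start + n > len(buf):
        raise ValueError("truncated DER")
    return tag, start, start + n

def spki_of(cert):
    """Slice the DER SubjectPublicKeyInfo out of an X.509 certificate."""
    _, pos, _ = read_tlv(cert, 0)          # Certificate
    _, pos, _ = read_tlv(cert, pos)        # tbsCertificate
    tag, _, end = read_tlv(cert, pos)
    if tag == 0xA0:                        # optional [0] version
        pos = end
    for _ in range(5):                     # serial, sigAlg, issuer, validity, subject
        _, _, pos = read_tlv(cert, pos)
    return cert[pos:read_tlv(cert, pos)[2]]

def tlsa_rdata(cert, usage=3, selector=1, mtype=1):
    """TLSA RDATA text; selector 0 = full certificate, 1 = SubjectPublicKeyInfo."""
    data = {0: cert, 1: spki_of(cert)}[selector]
    assoc = {0: data.hex(), 1: hashlib.sha256(data).hexdigest(),
             2: hashlib.sha512(data).hexdigest()}[mtype]
    return f"{usage} {selector} {mtype} {assoc}"

# Constructed, unsigned certificate-shaped DER (not a real certificate).
ALG = der(0x30, der(0x06, bytes.fromhex("2a8648ce3d040302")))
SPKI = der(0x30, ALG + der(0x03, b"\x00" + bytes(range(65))))

def fake_cert(serial):
    validity = der(0x30, der(0x17, b"140930000000Z") * 2)
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, bytes([serial]))
              + ALG + der(0x30, b"") + validity + der(0x30, b"") + SPKI)
    return der(0x30, tbs + ALG + der(0x03, bytes(9)))

if __name__ == "__main__":
    for serial in (1, 2):                  # same key, certificate reissued
        c = fake_cert(serial)
        print(tlsa_rdata(c, 3, 0, 1), "|", tlsa_rdata(c, 3, 1, 1))
```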