Affects Version/s: 2.1.5
Fix Version/s: None
NetBSD 9.0_BETA / amd64
I am looking for a way to get the DS for a key in "waiting for ds-gone" state exported,
so that I can initiate action to have the correct now-obsolete DS record removed
from the DNS. However, "key list --verbose --zone <zone>" only leaves me with cka_id and keytag to uniquely identify a given key.
However, "key export" apparently does not accept either "--cka_id"
or "--keytag" to identify the key to be exported.
"key export" has a "--keystate <state>" option, but that leaves me with the
unanswered question about how the different states are presented to the operator
and how "key export" expects its input as a value to the "--keystate" option.
So this turned me back to "key list" again.
leaves me with an error message and an ods-enforcer which has either crashed or exit()ed. This is quite serious in my judgement, and violates the most basic robustness principles, especially since the "--keystate" option is among the documented options for "key list".
Also, the question about how to get at the "--keystate" values is left unanswered.
Just for reference, when I omit the "--keystate" option, I get:
which doesn't say anything about the values of "--keystate", and does not bring
me closer to being able to identify the now-obsolete DS key in the DNS.