opendnssec -> inline-signing

Randy Bush randy at psg.com
Fri Mar 8 03:56:34 UTC 2024


[ off list ]

> I couldn't help noticing that when you ran dnssec-dsfromkey you
> referenced this directory: /usr/home/dns/Fixed

nah.  i have multiple copies so i can `rsync` them to refresh.

i am getting closer.  as mark pointed me in the direction, i found that the
keys produced by the extraction from openhsm were old style.  but i am
still muddling through upgrading them.  e.g.

    rip.psg.com:/usr/home/dns/dkeys# dnssec-settime -f -P 20240301 -A 20240301 -I 20340301 -D 20340310 Krg.net+008+12391.key 
    ./Krg.net.+008+12391.key
    ./Krg.net.+008+12391.private
    
    rip.psg.com:/usr/home/dns/dkeys# cat Krg.net+008+12391.key
    rg.net. 3600    IN      DNSKEY  257 3 8 AwEAAcP46+ZNd9PbePWnmTI+yQDW4VmDFUE+eWycXz+Gu7YzQuwXyEvwHEWvZXuIRezbLU81J+R0x7c8eTGAlnJjvutz1dSQd31lG46pc15FYeMoR0ec0ukZmQKNjIZCqnxRczLF5a2LW/qnOlREDFtHY6SwQrP0QHxy2HO+vLNExsEvCGlAQznvaGomj/NS/gOIAgmw3PF5vJIKKsDb5bdMJH3xY9aDDQ+4fqlaarYAiDzTYDMN+NxSo9FkjYu/3DlQqfJoBGH8TQRdWmAZr9mKSOcHDlQGhvYbHeHboUunq0twiWG8MWDdQUwtrO5jbi9ac0wEdEQiolg6U0QR0RUVFcE=

i.e. the key was not upgraded.  but, it turns out it created a new one
with a dot in the name that is an upgraded version.

    rip.psg.com:/usr/home/dns/dkeys# cat Krg.net.+008+12391.key
    ; This is a key-signing key, keyid 12391, for rg.net.
    ; Created: 20240308032432 (Fri Mar  8 03:24:32 2024)
    ; Publish: 20240301000000 (Fri Mar  1 00:00:00 2024)
    ; Activate: 20240301000000 (Fri Mar  1 00:00:00 2024)
    ; Inactive: 20340301000000 (Wed Mar  1 00:00:00 2034)
    ; Delete: 20340310000000 (Fri Mar 10 00:00:00 2034)
    rg.net. 3600 IN DNSKEY 257 3 8 AwEAAcP46+ZNd9PbePWnmTI+yQDW4VmDFUE+eWycXz+Gu7YzQuwXyEvw HEWvZXuIRezbLU81J+R0x7c8eTGAlnJjvutz1dSQd31lG46pc15FYeMo R0ec0ukZmQKNjIZCqnxRczLF5a2LW/qnOlREDFtHY6SwQrP0QHxy2HO+ vLNExsEvCGlAQznvaGomj/NS/gOIAgmw3PF5vJIKKsDb5bdMJH3xY9aD DQ+4fqlaarYAiDzTYDMN+NxSo9FkjYu/3DlQqfJoBGH8TQRdWmAZr9mK SOcHDlQGhvYbHeHboUunq0twiWG8MWDdQUwtrO5jbi9ac0wEdEQiolg6 U0QR0RUVFcE=

randy
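The situation in the post, an old-style `Krg.net+008+12391.key` without the trailing dot sitting next to the upgraded `Krg.net.+008+12391.key` that `dnssec-settime` wrote, is easy to miss in a directory of many keys, and a stale copy left behind can be the one a later tool or `rsync` picks up. The following is an added example, not part of the post and not BIND's own code: a small Python audit that parses the key file name (`K<owner>+<alg>+<keyid>.key`) and the `; Publish:` / `; Activate:` / `; Inactive:` / `; Delete:` comment lines in the format shown above, then reports old-style names, missing timing metadata, role or owner comments that disagree with the DNSKEY record, and two `.key` files that carry the same keyid. The sample files are constructed to mirror the two shown in the post, with a placeholder in place of the real public key; `load_key_dir` is an assumed helper for running it on a real directory.

```python
"""Audit a directory of BIND DNSSEC key files (K<owner>+<alg>+<keyid>.key).

Added example (not BIND code): flags old-style file names, missing timing
metadata, Inactive not after Activate, DNSKEY owner/keyid that disagree
with the file name, and duplicate .key files for one keyid.
"""
import re
from datetime import datetime
from pathlib import Path

# File name layout produced by dnssec-keygen: K<owner>+<alg>+<keyid>.key/.private
FILENAME_RE = re.compile(
    r"^K(?P<owner>.+?)\+(?P<alg>\d{3})\+(?P<keyid>\d{5})\.(?P<ext>key|private)$")
# Comment lines as written by dnssec-settime / dnssec-keygen (format shown in the post)
ROLE_RE = re.compile(
    r"^;\s*This is a (?P<role>key-signing|zone-signing) key, keyid (?P<keyid>\d+), for (?P<zone>\S+)")
TIMING_RE = re.compile(
    r"^;\s*(?P<field>Created|Publish|Activate|Inactive|Delete):\s*(?P<ts>\d{14})")
# The DNSKEY RR itself; the TTL is optional and the key may be wrapped with spaces
DNSKEY_RE = re.compile(
    r"^(?P<owner>\S+)\s+(?:\d+\s+)?IN\s+DNSKEY\s+(?P<flags>\d+)\s+\d+\s+(?P<alg>\d+)\s+(?P<pub>.+)$")
SEP_FLAG = 0x0001  # Secure Entry Point bit: set on a KSK (257), clear on a ZSK (256)


def parse_key_filename(name):
    """Split a key file name into owner, algorithm and keyid; None if it is not one."""
    m = FILENAME_RE.match(name)
    if not m:
        return None
    owner = m.group("owner")
    return {"owner": owner, "alg": int(m.group("alg")), "keyid": int(m.group("keyid")),
            "ext": m.group("ext"), "old_style": not owner.endswith(".")}


def parse_key_file(text):
    """Extract the role comment, timing comments and DNSKEY record from a .key file."""
    info = {"role": None, "timing": {}, "dnskey": None}
    for line in text.splitlines():
        r = ROLE_RE.match(line)
        t = TIMING_RE.match(line)
        d = DNSKEY_RE.match(line)
        if r:
            info["role"] = {"role": r["role"], "keyid": int(r["keyid"]), "zone": r["zone"]}
        elif t:
            info["timing"][t["field"]] = datetime.strptime(t["ts"], "%Y%m%d%H%M%S")
        elif d:
            info["dnskey"] = {"owner": d["owner"], "flags": int(d["flags"]),
                              "alg": int(d["alg"]), "pubkey": d["pub"].replace(" ", "")}
    return info


def audit_keys(files):
    """files: mapping file name -> file text. Returns a list of findings (strings)."""
    findings = []
    seen = {}  # (owner without trailing dot, alg, keyid) -> [(file name, pubkey)]
    for name in sorted(files):
        meta = parse_key_filename(name)
        if meta is None or meta["ext"] != "key":
            continue
        info = parse_key_file(files[name])
        ident = (meta["owner"].rstrip("."), meta["alg"], meta["keyid"])
        if meta["old_style"]:
            findings.append(f"{name}: old-style file name, owner lacks the trailing dot")
        t = info["timing"]
        for field in ("Publish", "Activate", "Inactive", "Delete"):
            if field not in t:
                findings.append(f"{name}: no {field} timing metadata")
        if "Activate" in t and "Inactive" in t and t["Inactive"] <= t["Activate"]:
            findings.append(f"{name}: Inactive is not after Activate")
        rec = info["dnskey"]
        if rec is None:
            findings.append(f"{name}: no DNSKEY record found")
            continue
        if rec["owner"].rstrip(".") != ident[0] or rec["alg"] != ident[1]:
            findings.append(f"{name}: DNSKEY owner/algorithm does not match the file name")
        role = info["role"]
        if role is not None:
            want_sep = role["role"] == "key-signing"
            if bool(rec["flags"] & SEP_FLAG) != want_sep or role["keyid"] != ident[2]:
                findings.append(f"{name}: role comment disagrees with DNSKEY flags or keyid")
        seen.setdefault(ident, []).append((name, rec["pubkey"]))
    for (owner, alg, keyid), entries in seen.items():
        if len(entries) > 1:
            names = ", ".join(n for n, _ in entries)
            same = "same" if len({p for _, p in entries}) == 1 else "DIFFERENT"
            findings.append(f"keyid {keyid} for {owner}: {len(entries)} .key files "
                            f"({names}) with {same} public key")
    return findings


def load_key_dir(path):
    """Assumed helper: read every K*.key file in a directory for audit_keys()."""
    return {p.name: p.read_text() for p in Path(path).glob("K*.key")}


# Constructed sample modelled on the two files in the post; the public key
# material is a placeholder, not a real key.
PUBKEY = "AwEAAcP46+ZNd9PbEXAMPLEONLYEXAMPLEONLY=="
SAMPLE_FILES = {
    "Krg.net+008+12391.key": f"rg.net. 3600\tIN\tDNSKEY\t257 3 8 {PUBKEY}\n",
    "Krg.net.+008+12391.key": (
        "; This is a key-signing key, keyid 12391, for rg.net.\n"
        "; Created: 20240308032432 (Fri Mar  8 03:24:32 2024)\n"
        "; Publish: 20240301000000 (Fri Mar  1 00:00:00 2024)\n"
        "; Activate: 20240301000000 (Fri Mar  1 00:00:00 2024)\n"
        "; Inactive: 20340301000000 (Wed Mar  1 00:00:00 2034)\n"
        "; Delete: 20340310000000 (Fri Mar 10 00:00:00 2034)\n"
        f"rg.net. 3600 IN DNSKEY 257 3 8 {PUBKEY[:16]} {PUBKEY[16:]}\n"  # wrapped key
    ),
}

if __name__ == "__main__":
    import sys
    files = load_key_dir(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_FILES
    for finding in audit_keys(files):
        print(finding)
```

Run it with no argument to audit the constructed sample, or with a key directory path to audit real files. On the sample it reports the old-style name, the four missing timing fields of the old-style file, and that keyid 12391 exists in two `.key` files with the same public key, which is exactly the state the post describes; the upgraded file alone produces no findings. Removing the superseded old-style pair only after confirming the duplicate carries the same public key keeps the signer's view of the key set unambiguous.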


More information about the bind-users mailing list