add a note to DESCR pointing out some more actively-maintained ways to

do DNSSEC
2020-02-20 11:50:20 +00:00 · 2020-02-20 11:50:20 +00:00 · a66954e910
commit a66954e910
parent a9acd98f82
2 changed files with 9 additions and 2 deletions
--- a/security/zkt/Makefile
+++ b/security/zkt/Makefile
@ -1,10 +1,10 @@
-# $OpenBSD: Makefile,v 1.16 2020/02/20 11:21:13 sthen Exp $
+# $OpenBSD: Makefile,v 1.17 2020/02/20 11:50:20 sthen Exp $

 COMMENT=	DNSsec Zone Key Tool

 DISTNAME=	zkt-1.1.4
 CATEGORIES=	security
-REVISION=	2
+REVISION=	3

 # also https://github.com/hzuleger/ZKT http://www.zonekeytool.de/
 HOMEPAGE=	https://www.hznet.de/dns/zkt/
--- a/security/zkt/pkg/DESCR
+++ b/security/zkt/pkg/DESCR
@ -9,3 +9,10 @@ zone signing keys

 Most of the commands are simple wrapper commands around BIND's
 dnssec-keygen(8) and dnssec-signzone(8) commands.
+
+Warning: ZKT is old and doesn't seem to be very actively maintained -
+it might not work with current versions of BIND tools. Users looking
+to setup DNSSEC should look elsewhere, either higher-level tools like
+opendnssec or the built-in support in PowerDNS authoritative server, or
+using lower-level tools directly (dnssec-signzone from the isc-bind
+package or ldns-signzone from the ldns-utils package).