Add API to support meaningful comments?

[k0ekk0ek]

OpenDNSSEC (maybe others too) uses comments to store signing state in the zone file itself. Therefore, it makes sense to expand the API and support returning these comments. Pending further information, the following two examples were provided to start planning the feature.

;;Key: locator ad06eeab0b0906e14ce2e27fb70d0425 algorithm 8 flags 256 publish 1 ksk 0 zsk 1 rfc5011 0
;;
example.com. 300 IN SOA ns1.example.com. postmaster.example.com.

example.com. 300 IN DNSKEY 256 3 8 AwEAAaVhvyRrg2vmOgiolwfvRHekdHGPUXt6OzNNz1iAMrwUx6S9yQ0L0IyUX0n2rcHIw5qgtoW0ZSkOMBT/1mS5CDUlvh3iba4BplYlEQ/XGYHxYoi0lYpsFiMgaDg9nOU03AkvjTFr1/0b8qXqgNWxR0EB+8s517T/BnDXo7S3ReLR ;{id = 46921 (zsk), size = 1024b}

The last example is ouput from ldns-signzone. There it only serves as information to the reader the parser will not interpret it.

[k0ekk0ek]

Apparently Unbound uses similar tricks for trust anchors. If you run unbound-anchor -a root.key you'll get output like this:

; autotrust trust anchor file
;;id: . 1
;;last_queried: 1683198206 ;;Thu May  4 13:03:26 2023
;;last_success: 1683198206 ;;Thu May  4 13:03:26 2023
;;next_probe_time: 1683240986 ;;Fri May  5 00:56:26 2023
;;query_failed: 0
;;query_interval: 43200
;;retry_time: 8640
.	86400	IN	DNSKEY	257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ;{id = 20326 (ksk), size = 2048b} ;;state=2 [  VALID  ] ;;count=0 ;;lastchange=1683198206 ;;Thu May  4 13:03:26 2023

An example of an initial bootstrap file is:

example.com.    10800   IN      DS      55582 5 1 66e829ebd8145e6f030b840ae63b77273c9575e1 ; xiniv-mopov-rakoc-galuk-zibeb-ricob-penuf-rutad-lyzan-hetuv-caxox