- msg 'Transforming root-zone key to trusted-keys format...'
- echo . IN DNSKEY $(wc -c ${_root_anchor}.crt | cut -d ' ' -f 1) 0 0 $(base64 -w 0 ${_root_anchor}.crt) > root-zone.key
+
+ msg 'Transforming root-zone key'
+ msg2 'to base64 format...'
+ _anchor_data="$(wc -c ${_root_anchor}.crt | cut -d ' ' -f 1) 0 0 $(base64 -w 0 ${_root_anchor}.crt)";
+ echo ${_anchor_data}
+ echo
+
+ msg2 'to trusted-keys format...'
+ echo . IN DNSKEY ${_anchor_data} | tee ${_root_anchor_out}.key
+ echo
+
+ msg2 'to dnsval.conf format...'
+ echo "# you can include this file in dnsval.conf using following directive:
+# include ${_anchor_dir}/${_root_anchor_out}.dnsval.conf
+
+: trust-anchor
+ . \"${_anchor_data}\"
+;
+
+: zone-security-expectation
+ . validate
+;" | tee ${_root_anchor_out}.dnsval.conf
+ echo
+