[Opendnssec-develop] Config question
rickard.bondesson at iis.se
Tue Aug 4 08:20:20 UTC 2009
> Hi -
> I've been looking at Pivotal issue 1018973. I have some
> questions regarding the system configuration - sorry if the
> answers are written down; I couldn't find them.
> Currently, the auditor uses zonelist.xml to find the
> <zone_config>.xml files for each zone, and do the auditing.
> This is apparently not good.
The path to the zonelist.xml should come from conf.xml, because zonelist.xml may be located in a different place than the conf.xml directory.
> So, I can look at conf.xml, kasp.xml and zonelist.xml, and
> get most of the info from there. However, these files do not
> specify the salt - this is potentially added from the DB, and
> not stored anywhere other than <zone_config.xml>. So, I don't
> think it's possible to write the auditor without checking
> this file, unless the salt is queried directly from the DB.
> Should the auditor be checking the DB?
> Should the salt be stored somewhere the auditor can get it?
> Or should that be the only information lifted from <zone_config.xml>?
# The actual salt is generated by the Enforcer
# Note: the enforcer may decide to store the
# current salt in the DB and so it could be exported
Is the Enforcer doing this? Then it should just be a matter of parsing the kasp.xml.