[Opendnssec-develop] getting information from the system

Olaf Kolkman olaf at NLnetLabs.nl
Thu Aug 6 14:34:44 UTC 2009

On 6 aug 2009, at 16:21, Jelte Jansen wrote:

> apart from that there can be some very interesting failures that  
> aren't directly reported back (a missing communicated process can be  
> quite annoying, i've been told, but apparently the only effect one  
> sees in the end is that the engine whines about missing  
> configurations), an administrator will really want to know when the  
> next rollover is. Has this feature been planned yet? (sounds like  
> something that could be added to ksmutil) If not, please do, and  
> plan it before the release :)

The administrator asking for this was me :-)

The somewhat longer version of the above:

Over the last two days I installed opendnssec and while it was  
somewhat of a rough ride the tiny that I ran in where committed faster  
than I could compile (good stuff).

1. As a zone maintainer I want to be sure that when a (KSK) rollover  
happens, I am around and can take action. In fact I want to be able to  
plan in advance (on absolute dates, rather than periods) that I would  
like to initiate a rollover and send a set of keys of to the registry.  
That way I can go on vacation whenever I want :-)

Currently it is hard to see what the chains of events are, and it is  
hard to configure. If it comes to usability knowing what happens when  
would be a good thing.

2. I added zones to the zonefilelist and ran ksmutil update. The  
signer engine complained about missing config files. That turned out  
to be due to a missing comunicated process.

I would think a small wrapper program/script that would start/restart/ 
stop all other deamons and act as a watchdog would be handy.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 235 bytes
Desc: This is a digitally signed message part
URL: <http://lists.opendnssec.org/pipermail/opendnssec-develop/attachments/20090806/5dd8aa4c/attachment.bin>

More information about the Opendnssec-develop mailing list