[Opendnssec-develop] getting information from the system

sion at nominet.org.uk sion at nominet.org.uk
Mon Aug 10 08:49:51 UTC 2009


> > an administrator will really want to know when the
> > next rollover is. Has this feature been planned yet? (sounds like
> > something that could be added to ksmutil) If not, please do, and
> > plan it before the release :)

So http://www.pivotaltracker.com/story/show/879875 sort of covers it; I've
added a comment for a more explicit command that will list rollovers, by
zone if specified.

> 1. As a zone maintainer I want to be sure that when a (KSK) rollover
> happens, I am around and can take action. In fact I want to be able to
> plan in advance (on absolute dates, rather than periods) that I would
> like to initiate a rollover and send a set of keys of to the registry.
> That way I can go on vacation whenever I want :-)
>
> Currently it is hard to see what the chains of events are, and it is
> hard to configure. If it comes to usability knowing what happens when
> would be a good thing.

So we need a way to override the key timings and set a retire date[time].
Would you like to see this in the policy itself, so that the key "lifetime"
is expressed as a recurring event. Something like "1st of every month" or
"1st March every year". The alternative is that you override it via a
command to ksmutil, I guess that ultimately we need both?

What about lifetime == infinite (while I am thinking about it); for people
who only want emergency rollovers.

Is this required for v1.0?

Sion




More information about the Opendnssec-develop mailing list