[Opendnssec-develop] Policy configuration checker
Alexd at nominet.org.uk
Alexd at nominet.org.uk
Tue Aug 11 12:41:18 UTC 2009
Hi -
At the get-together in Amsterdam, it was suggested that we needed a
policy configuration checker. This would check the (presumably
syntactically correct) configuration files to make sure that they were
semantically correct. Stuff like :
InceptionOffset < Validity
Jitter < Validity
(InceptionOffset + Jitter) < Validity
Algorithm type consistent with NSEC3
etc...
I'd propose to make this part of the auditor, with a simple '-p' /
'--process' switch to run the policy checker (with a similar system or
error code returns and logging for communication). I wasn't clear when (or
by what) it would be called.
Are there any other useful checks which should be performed?
Thanks,
Alex.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-develop/attachments/20090811/a04b53ae/attachment.htm>
More information about the Opendnssec-develop
mailing list