[Opendnssec-develop] Policy configuration checker

Alexd at nominet.org.uk Alexd at nominet.org.uk
Tue Aug 11 12:41:18 UTC 2009

Hi - 

At the get-together in Amsterdam, it  was suggested that we needed a 
policy configuration checker. This would check the (presumably 
syntactically correct) configuration files to make sure that they were 
semantically correct. Stuff like : 

  InceptionOffset < Validity
  Jitter < Validity
  (InceptionOffset + Jitter) < Validity
  Algorithm type consistent with NSEC3

I'd propose to make this part of the auditor, with a simple '-p' / 
'--process' switch to run the policy checker (with a similar system or 
error code returns and logging for communication). I wasn't clear when (or 
by what) it would be called.

Are there any other useful checks which should be performed?


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-develop/attachments/20090811/a04b53ae/attachment.htm>

More information about the Opendnssec-develop mailing list