[Opendnssec-develop] Policy configuration checker
Rickard Bondesson
rickard.bondesson at iis.se
Tue Aug 11 13:11:15 UTC 2009
> I was thinking of adding a check
> <SOA><Serial>keep</Serial></SOA> implies no continuous
> resigning. Things will break if you allow this combination.
>
> I think it fits perfectly in the policy configuration checker.
>
> Matthijs
You do want continuous signing when using <SOA><Serial>keep</Serial></SOA>. It is just that the signer cannot output anything if it has not got a zone with a new serial.
I want my zone to be resigned every 5th minute, but a new zone will only arrive every second hour.
Thus a new signed zone will only be created every second hour, and it has the same serial as the zone that arrived.
// Rickard