[Opendnssec-develop] Policy configuration checker

Matthijs Mekking matthijs at NLnetLabs.nl
Tue Aug 11 13:16:17 UTC 2009



But why waste resign resources if you are not going to output it anyway?
In this example, you can save 23 times resigning that will be unnoticed.

Matthijs

Rickard Bondesson wrote:
>> I was thinking of adding a check 
>> <SOA><Serial>keep</Serial></SOA> implies no continuously 
>> resigning. Things will break if you allow this combination.
>>
>> I think it fits perfectly in the policy configuration checker.
>>
>> Matthijs
> 
> You do want continuously signing when using <SOA><Serial>keep</Serial></SOA>. It is just that the signer can not output anything if it has not got a zone with a new serial.
> 
> I want my zone to be resigned every 5th minute, but a new zone will only arrive every second hour.
> 
> Thus will only a new signed zone be created every second hour, and it has the same serial as the zone that arrived.
> 
> // Rickard


