[Opendnssec-develop] Re: [OpenDNSSEC] #13: "engine: no new signatures, keeping zone" when changing zone parameters

Matthijs Mekking matthijs at NLnetLabs.nl
Mon Aug 31 13:17:19 UTC 2009



Hi,

Picking up this ticket. Not sure what to do.

The report is two-fold.

1.
What to do if the signer engine is presented a new SignerConfiguration
but no new signatures need to be created. Should we keep the old zone or
should we force a new output zone?

In my point of view, we should only output a new zone if new signatures
were created. So, for example, an increased signature refresh value does
not necessarily result in a new output zone.

2.
What to do when signer_engine_cli sign <zone> is called. Should we force
a new output zone or only if new signatures are created?

In my point of view, again, we should only output a new zone if new
signatures are created. If the SOA serial changed, we should only output
a new zone if the SOA/Serial is equal to "keep".

Is this ok?

Matthijs

OpenDNSSEC wrote:
> #13: "engine: no new signatures, keeping zone" when changing zone parameters
> ---------------------------------+------------------------------------------
> Reporter:  mattias at nonetwork.se  |        Owner:  matthijs
>     Type:  defect                |       Status:  assigned
> Priority:  minor                 |    Component:  Unknown 
>  Version:                        |   Resolution:          
> Keywords:                        |  
> ---------------------------------+------------------------------------------
> Changes (by jakob):
> 
>   * owner:  jelte => matthijs
> 



