[Opendnssec-develop] interaction between the Signer and KASP

Jelte Jansen jelte at NLnetLabs.nl
Mon Jan 12 08:55:59 UTC 2009


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

John Dickinson wrote:
> 
> As promised here are my thoughts. This document is by no means complete
> and is only intended to reflect my understanding of what we are doing.
> Therefore, it will need some discussion :)
> 

just to beat the meeting and give us something to think about;

what i'm missing from this document is where the actual content of the
zones lives. The doc seems to suggest that is is 'xfr upon need'; when
some signing of a zone needs to be done; the contents are fetched. This
is not as i had understood (rather, i thought the whole system was to be
either an actual master or an 'active' slave to another master; keeping
the zone data synced as much as possible).

What to do when that data changes. Will the enforcer know of this change
and tell the signer engine to XFR again and sign the new data?

Jelte
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (FreeBSD)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAklrBZwACgkQ4nZCKsdOncUWoACfTTfigiF/dgbfP4INyfup+etV
EPQAni0XXs1kCTbsg3+paSO3t4EbGX+S
=aPAp
-----END PGP SIGNATURE-----



More information about the Opendnssec-develop mailing list