[Opendnssec-develop] engine config for auditing
Alexd at nominet.org.uk
Alexd at nominet.org.uk
Tue Jul 14 09:06:24 UTC 2009
Hi -
> since the auditor tool might be a bit cpu-intensive, administrators
> may wish to
> turn off automatic auditing after sign, so I'd like to make it
configurable
> whether the auditor is called at all. Now originally i was thinking
> to just make
> a single element in conf.xml. But now i'm wondering; do we want to
> do this on a
> per-zone basis (and therefore put it in zonelist)?
I think it should be configurable on a per-zone basis.
Configuration options could include :
a) turn auditor off completely for the zone (would like to keep this as a
last resort)
b) configure percentage of records which should be checked (ideally
splitting out different checks, such as RRSIG checks)
c) an upper limit of the time spent auditing the zone - simply audit as
much as can be done in the given time
I hope to have some suggestions for sensible options for b) in the next
day or so.
Given that these options only affect the auditor, they could be left
unfrozen for another couple of days without adverse effect on other
components.
Thanks,
Alex.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-develop/attachments/20090714/c171dd72/attachment.htm>
More information about the Opendnssec-develop
mailing list