[Opendnssec-develop] ZoneList revisited
jakob at kirei.se
Sat Mar 28 13:29:39 UTC 2009
I've been thinking about zonelist and how it would be used when you
have a lot of zones. Based on this I suggest the following changes:
- remove LastUpdate from ZoneList, the signer can simply fstat() the
right SignerConf to find out when it was last updated.
- Move zone-to-policy mapping from KASP to ZoneList/Zone, thus
making it possible to add zones without changing the policy file.
- Move adapter configuration from signconf to ZoneList/Zone, the
enforcer don't really need to know how the zones are fetched.
- Add signerConfiguration attribute to the ZoneList/Zone to tell the
signer where to find the SignerConfiguration for a zone.
The result of these changes would be that the signer only needs to be
fed the ZoneList and all other parameters can be derived from that.
So we have:
KASP - defines policy. auditable, but free from the actual list of
zones (one file for all policies).
ZoneList - defines what zones are to be signed, where the signer can
find the files and what configuration to use
SignerConfiguration- signer configuration parameters (one file per
More information about the Opendnssec-develop