[Opendnssec-develop] ZoneList revisited

Jakob Schlyter jakob at kirei.se
Sat Mar 28 13:29:39 UTC 2009


I've been thinking about zonelist and how it would be used when you  
have a lot of zones. Based on this I suggest the following changes:

  - Remove LastUpdate from ZoneList, the signer can simply fstat() the
right SignerConf to find out when it was last updated.
  - Move zone-to-policy mapping from KASP to ZoneList/Zone, thus  
making it possible to add zones without changing the policy file.
  - Move adapter configuration from signconf to ZoneList/Zone, the
enforcer doesn't really need to know how the zones are fetched.
  - Add signerConfiguration attribute to the ZoneList/Zone to tell the  
signer where to find the SignerConfiguration for a zone.

The result of these changes would be that the signer only needs to be  
fed the ZoneList and all other parameters can be derived from that.
So we have:

  KASP - defines policy. auditable, but free from the actual list of  
zones (one file for all policies).
  ZoneList - defines what zones are to be signed, where the signer can  
find the files and what configuration to use
  SignerConfiguration - signer configuration parameters (one file per

