[Opendnssec-develop] common configuration file

Jelte Jansen jelte at NLnetLabs.nl
Tue Mar 31 07:51:11 UTC 2009


Jakob Schlyter wrote:
> it seems that everyone likes YAML (but John hasn't replied yet, so we'll
> wait a bit more). but, since we all have to link with an XML parser, why
> not use XML - or we just need YetAnotherParser in the code (like YAML)?
> this would be my reason to choose ASN.2^H^H^H^H^HXML.
> 
> 
> however, the following parameters are needed (exact syntax TBD):
> 
> enforcer:
>     interval: 3600 seconds
>     keygen-interval: 3 months
>     backup-delay: 3 days
> pkcs11:
>     repository: {
>         sca6k:  /usr/lib/pkcs11.so
>         opensc: /usr/lib/opensc-pkcs11.so
>     }
> 
> question: is there a need to specify a slot# for each key repository? I
> think not as both the enforcer and the signer need to enumerate all
> possible slots anyway and you can probably force a slot# at key
> generation time.
> 

the engine currently also accepts an optional PIN for a token, and a few
configurable directories (some of which could be 'hard'coded, but the
input and final output dir shouldn't imo).

Oh and i was about to add a config option for alerting an auth server
that zones have changed.

Jelte

ps. for simplicity, atm it's key: value pairs with hashed comments (like
softhsm)
