[Opendnssec-develop] Serial from working directory

sion at nominet.org.uk sion at nominet.org.uk
Wed Nov 25 12:41:28 UTC 2009


> We had a discussion of where to get the current outputted serial from.
> This is needed to calculate the new outputted serial.
>
> Currently, it fetches that serial from the outputted signed zonefile.
> However, if the signed zonefile is moved to a different location, we
> cannot always calculate the new serial (datecounter and counter). So we
> need to fetch it from our internal storage.
>
> There are two suggested solutions to fix this:
> 1 Instead of moving the .finalized file to the output/signed directory,
> leave a copy and fetch the serial from there. Pro: Easiest, Con:
> Requires another copy of the zonefile on disk.
>
> 2 Write out a .serial file which contains the latest outputted serial.
> Pro: (Much) less disk storage. Con: Slightly more difficult.
>
>
> First question:
> Is this something that *needs* to be done before the rc?
> Imo, yes.
>
> Second question:
> What is the preferred method to do this?
> Imo, 2.

I agree, yes and 2... Storing the whole zone seems excessive; also, is the
.finalised file removed when the ods-signer clear ZONE command is issued?

Sion




More information about the Opendnssec-develop mailing list