[Opendnssec-develop] Re: [OpenDNSSEC] #13: "engine: no new signatures, keeping zone" when changing zone parameters

Matthijs Mekking matthijs at NLnetLabs.nl
Tue Sep 1 12:08:47 UTC 2009


FYI

Matthijs Mekking wrote:
> Hi,
> 
> Picking up this ticket. Not sure what to do.
> 
> The report is two-fold.
> 
> 1.
> What to do if the signer engine is presented a new SignerConfiguration
> but no new signatures need to be created. Should we keep the old zone or
> should we force a new output zone?
> 
> In my point of view, we should only output a new zone if new signatures
> were created. So, for example an increased signature refresh value does
> not necessarily result in a new output zone.

Currently, it forces new signatures when a new SignerConfiguration is
detected.


> 2.
> What to do when signer_engine_cli sign <zone> is called. Should we force
> a new output zone or only if new signatures are created?
> 
> In my point of view, again, we should only output a new zone if new
> signatures are created. If the SOA serial changed, we should only output
> a new zone if the SOA/Serial is equal to "keep".

Currently, the old zone is kept if only the SOA serial changes
(regardless of the SOA/Serial value).

> 
> Is this ok?
> 
> Matthijs
> 
> OpenDNSSEC wrote:
>> #13: "engine: no new signatures, keeping zone" when changing zone parameters
>> ---------------------------------+------------------------------------------
>> Reporter:  mattias at nonetwork.se  |        Owner:  matthijs
>>     Type:  defect                |       Status:  assigned
>> Priority:  minor                 |    Component:  Unknown 
>>  Version:                        |   Resolution:          
>> Keywords:                        |  
>> ---------------------------------+------------------------------------------
>> Changes (by jakob):
> 
>>   * owner:  jelte => matthijs
> 
> 
> 
> 
>> ------------------------------------------------------------------------
> 
>> _______________________________________________
>> Opendnssec-develop mailing list
>> Opendnssec-develop at lists.opendnssec.org
>> https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop
> 