[Opendnssec-develop] Inbound AXFR design
Matthijs Mekking
matthijs at NLnetLabs.nl
Tue Sep 15 12:09:05 UTC 2009
Here are my thoughts about the Inbound AXFR design.

Changes to the signer engine:
If <AXFR/> is present in the conf.xml file:
- See if there is a newly transferred file in the axfr directory.
- If so, move it to be the input file.
- Continue with normal operation (read input file adapter, nsec, sign, audit, write output).

Consequences for the auditor:
Currently none, since a zone cannot have multiple tasks in parallel. The auditor will still be able to do the audit on the unsigned input file and signed output file.

New signer tool, axfr_listener runs as daemon:
- Listen to NOTIFY messages.
- If no input file exists or if a NOTIFY is received from a master:
  - do axfr request (nsd-xfer)
  - write result back to axfr directory
  - execute signer_engine_cli update

Matthijs
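
The listener and signer-engine rules from the message above, as an added Python sketch (not code from the original post or from OpenDNSSEC): it parses a NOTIFY request, applies the "no input file or NOTIFY from a master" rule, and moves a transferred file into place. The function names, the `<zone>axfr` file name and the `masters` set are hypothetical, and the transfer itself (nsd-xfer) and the `signer_engine_cli update` call are left out.

```python
import os
import struct

OPCODE_NOTIFY = 4  # RFC 1996

def parse_notify(packet):
    """Return the zone named in a NOTIFY request, or None if it is not one."""
    if len(packet) < 12:
        return None
    _id, flags, qdcount = struct.unpack("!HHH", packet[:6])
    if flags & 0x8000 or (flags >> 11) & 0xF != OPCODE_NOTIFY or qdcount != 1:
        return None  # a response, another opcode, or not exactly one question
    labels, pos = [], 12
    while True:
        if pos >= len(packet):
            return None  # truncated name
        length = packet[pos]
        pos += 1
        if length == 0:
            break
        if length > 63 or pos + length > len(packet):
            return None  # compression pointer or overrun: reject
        labels.append(packet[pos:pos + length].decode("ascii", "replace").lower())
        pos += length
    if pos + 4 > len(packet):
        return None  # QTYPE/QCLASS missing
    return ".".join(labels) + "."

def should_transfer(packet, source_ip, zone, masters, input_file):
    """Listener rule: no input file yet, or a NOTIFY for this zone from a master."""
    if not os.path.exists(input_file):
        return True
    # A UDP source address can be spoofed, so a NOTIFY only triggers a pull
    # from the configured master; it never supplies zone data itself.
    return source_ip in masters and parse_notify(packet) == zone

def promote_transfer(axfr_dir, zone, input_file):
    """Signer engine step: move a newly transferred file to be the input file."""
    transferred = os.path.join(axfr_dir, zone + "axfr")  # hypothetical file name
    if not os.path.isfile(transferred):
        return False
    os.replace(transferred, input_file)  # atomic when both are on one filesystem
    return True

def build_notify(zone, opcode=OPCODE_NOTIFY):
    """Constructed sample packet for trying the functions above."""
    header = struct.pack("!HHHHHH", 0x1234, opcode << 11 | 0x0400, 1, 0, 0, 0)
    qname = b"".join(bytes([len(lab)]) + lab.encode() for lab in zone.rstrip(".").split("."))
    return header + qname + b"\0" + struct.pack("!HH", 6, 1)  # QTYPE SOA, QCLASS IN
```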