[Opendnssec-develop] Inbound AXFR design

Matthijs Mekking matthijs at NLnetLabs.nl
Tue Sep 15 12:09:05 UTC 2009


Here are my thoughts about the Inbound AXFR design.

Changes to the signer engine:
If <AXFR/> is present in the conf.xml file:
- See if there is a newly transferred file in the axfr directory.
- If so, move it to be the input file.
- Continue with normal operation (read input file adapter, nsec, sign,
  audit, write output).

Consequences for the auditor:
Currently none, since a zone cannot have multiple tasks in parallel. The
auditor will still be able to do the audit on the unsigned input file
and signed output file.

New signer tool, axfr_listener runs as daemon:
- Listen to NOTIFY messages.
- If no input file exists or if a NOTIFY is received from a master:
  - do axfr request (nsd-xfer)
  - write result back to axfr directory
  - execute signer_engine_cli update

Matthijs

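The condition "a NOTIFY is received from a master" in the listener design above, as an added example that is not part of the original message or OpenDNSSEC code: a check the listener could run on each datagram before starting a transfer. The function names, the master list and the sample packet are assumptions made for illustration.

```python
import ipaddress
import struct

OPCODE_NOTIFY = 4                 # RFC 1996
QTYPE_SOA, QCLASS_IN = 6, 1

# Constructed sample: NOTIFY for example.com. (id 0x1234, opcode 4, AA set)
SAMPLE_NOTIFY = (struct.pack("!HHHHHH", 0x1234, 0x2400, 1, 0, 0, 0)
                 + b"\x07example\x03com\x00" + struct.pack("!HH", 6, 1))
MASTERS = {ipaddress.ip_address("192.0.2.1")}   # assumed configured masters

def parse_qname(msg, offset):
    """Read an uncompressed question name; return (fqdn, next_offset)."""
    labels = []
    while True:
        if offset >= len(msg):
            raise ValueError("truncated name")
        length = msg[offset]
        offset += 1
        if length == 0:
            return ".".join(labels) + ".", offset
        if length > 63 or offset + length > len(msg):
            raise ValueError("bad or truncated label")
        labels.append(msg[offset:offset + length].decode("ascii").lower())
        offset += length

def check_notify(msg, src_ip, zone, masters):
    """Return (True, "ok") only for a NOTIFY about `zone` sent by a master."""
    if ipaddress.ip_address(src_ip) not in masters:
        return False, "source is not a configured master"
    if len(msg) < 12:
        return False, "short header"
    _id, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if flags & 0x8000:
        return False, "is a response"
    if (flags >> 11) & 0xF != OPCODE_NOTIFY:
        return False, "opcode is not NOTIFY"
    if qdcount != 1:
        return False, "QDCOUNT != 1"
    try:
        qname, off = parse_qname(msg, 12)
        qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
    except (ValueError, struct.error):
        return False, "malformed question"
    if qname != zone.lower() or (qtype, qclass) != (QTYPE_SOA, QCLASS_IN):
        return False, "question does not match zone SOA"
    return True, "ok"
```

A UDP source address can be forged, so this check limits which packets may trigger a transfer but does not authenticate the sender; the transfer itself should still be requested only from the configured master.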
