[Opendnssec-develop] Inbound AXFR design
matthijs at NLnetLabs.nl
Mon Sep 21 13:08:25 UTC 2009
Jakob Schlyter wrote:
> we just had a discussion about this via Jabber and I think we came to
> the following conclusion:
> - Matthijs implements a stand-alone zonefetcher
> (trunk/OpenDNSSEC/zonefetcher) written in C
> - the zonefetcher will likely have its own configuration file, basically
> fetch zone Z from master M using tsig secret T (name,algo,secret) and
> write the result into file F.
> F can be specified in the config or maybe fetch from the File adapter
> in the ZoneList.
I'd rather not store the fetched zone into //Adapter/Input/File
directly, because in that way, the unsigned input file could be
overwritten with a new version of the zone, before the auditor has
checked the previous version.
So, you need a different way to specify F, could be in the special
configuration file, but then the signer engine would not know where to
get the transferred zone. So I propose F is specified in the
zonelist.xml, because the zone_fetcher needs to read that anyway and the
signer_engine already does.
> - after an updated zone has been fetched, it will poke the signer engine.