[Opendnssec-develop] Inbound AXFR design
Matthijs Mekking
matthijs at NLnetLabs.nl
Mon Sep 21 13:08:25 UTC 2009
Jakob Schlyter wrote:
> we just had a discussion about this via Jabber and I think we came to
> the following conclusion:
>
> - Matthijs implements a stand-alone zonefetcher
> (trunk/OpenDNSSEC/zonefetcher) written in C
> - the zonefetcher will likely have its own configuration file, basically
> saying:
>
> fetch zone Z from master M using tsig secret T (name,algo,secret) and
> write the result into file F.
> F can be specified in the config or maybe fetch from the File adapter
> in the ZoneList.
I'd rather not store the fetched zone into //Adapter/Input/File
directly, because in that way, the unsigned input file could be
overwritten with a new version of the zone, before the auditor has
checked the previous version.
So, you need a different way to specify F, could be in the special
configuration file, but then the signer engine would not know where to
get the transferred zone. So I propose F is specified in the
zonelist.xml, because the zone_fetcher needs to read that anyway and the
signer_engine already does.
Matthijs
>
> - after an updated zone has been fetched, it will poke the signer engine.
>
>
> jakob