[Opendnssec-develop] Partial Auditor

Alexd at nominet.org.uk Alexd at nominet.org.uk
Tue Feb 23 10:50:54 UTC 2010


> > So, if I understand, the proposal is to have a switch in kasp.xml that 
can
> > turn partial auditing on or off. Then, possibly, further configuration 
will
> > be in a separate (non-xml) file?
> 
> I've always envisioned that all Auditor configuration would be kept 
> inside <Audit> in the kasp, i.e. everything inside the <Audit> 
> container is passed transparently to the signer configuration so the
> enforcer just needs to read the whole container and dump it when 
> writing the signconf. makes sense?

But the Auditor doesn't read the signconf (other than for the NSEC3 salt), 
so there is not much point in putting the config there (except for human 
debugging, I suppose).

Unless you propose that the signer should read the auditor config and 
start the auditor with that config. It seemed a bit unnecessary for the 
signer to have to do that, though.


Alex.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-develop/attachments/20100223/2ac4093e/attachment.htm>


More information about the Opendnssec-develop mailing list