[Opendnssec-develop] Partial Auditor
Alexd at nominet.org.uk
Alexd at nominet.org.uk
Tue Feb 23 10:50:54 UTC 2010
> > So, if I understand, the proposal is to have a switch in kasp.xml that
can
> > turn partial auditing on or off. Then, possibly, further configuration
will
> > be in a separate (non-xml) file?
>
> I've always envisioned that all Auditor configuration would be kept
> inside <Audit> in the kasp, i.e. everything inside the <Audit>
> container is passed transparently to the signer configuration so the
> enforcer just needs to read the whole container and dump it when
> writing the signconf. makes sense?
But the Auditor doesn't read the signconf (other than for the NSEC3 salt),
so there is not much point in putting the config there (except for human
debugging, I suppose).
Unless you propose that the signer should read the auditor config and
start the auditor with that config. It seemed a bit unnecessary for the
signer to have to do that, though.
Alex.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-develop/attachments/20100223/2ac4093e/attachment.htm>
More information about the Opendnssec-develop
mailing list