[Opendnssec-develop] Partial Auditor

sion at nominet.org.uk sion at nominet.org.uk
Tue Feb 23 11:02:55 UTC 2010

> > > So, if I understand, the proposal is to have a switch in kasp.xml
that can
> > > turn partial auditing on or off. Then, possibly, further
> configuration will
> > > be in a separate (non-xml) file?
> >
> > I've always envisioned that all Auditor configuration would be kept
> > inside <Audit> in the kasp, i.e. everything inside the <Audit>
> > container is passed transparently to the signer configuration so the
> > enforcer just needs to read the whole container and dump it when
> > writing the signconf. makes sense?
> But the Auditor doesn't read the signconf (other than for the NSEC3
> salt), so there is not much point in putting the config there
> (except for human debugging, I suppose).
> Unless you propose that the signer should read the auditor config
> and start the auditor with that config. It seemed a bit unnecessary
> for the signer to have to do that, though.

I think that we need to worry more about the extra work that users need to
do to configure the system.

That is the only reason I was uneasy about having an extra file.


More information about the Opendnssec-develop mailing list