[Opendnssec-develop] Unused policies
sion at nominet.org.uk
sion at nominet.org.uk
Wed Jan 27 13:07:38 UTC 2010
> Hey all,
>
> When you have several policies in your kasp.xml and not using the
> ‘default’ policy in any of the zones in the zonelist, what happens
> with these unused policies, including the default? I keep getting
> warnings and messages about the default policy at every resign even
> though I’m not using it. I would assume it’s not logical to be
> checking all (unused) policies during a resign of one specific
> policy. Slows things down.
Just to clarify, this will be happening when the enforcer runs, not on
resigning.
> In my case I kept getting messages about a full repository, even
> though I’m not even using that repo.
We have a story (in the icebox at the moment) about removing policies
completely. If I also add a story about not checking repo capacity if no
keys need to be generated then I think that we are covered?
You can minimise the amount of work done for an unused policy by setting
the ManualKeyGeneration tag; which I appreciate is not a long term
solution.
Sion
More information about the Opendnssec-develop
mailing list