[Opendnssec-develop] Running with no policies

Sion Lloyd sion at nominet.org.uk
Tue Sep 21 12:24:11 UTC 2010

On Tuesday 21 Sep 2010 11:58:10 am Rick van Rein wrote:
> Hey Sion,
> > http://www.pivotaltracker.com/story/show/4180085
> > 
> > In the kasp.rnc file we specifically say that we require one or more
> > policies... Can anyone think why we have that, or think of a reason why I
> > shouldn't change it to zero or more?
> Zero _zones_ for a policy is a logical consequence of supporting
> subscriptions by members.  But zero policies?  No, I think you want to be
> able to pickup parameters like key sizes, and could not possible run
> OpenDNSSEC without it?

That is not what the story asks for though... And when "policy prune" is 
implemented we may well go to zero policies.

If the system gets into this state then a policy will need to be added before 
any zones can be processed.

Have I misread the story? If so, could you explain what it means?



More information about the Opendnssec-develop mailing list