[Opendnssec-develop] Auditor support

Alex Dalitz AlexD at nominet.org.uk
Thu Feb 3 16:19:36 UTC 2011

> But I am curious of how you see the auditor and future development work. Are you willing to having it adapted to the new adapter functionality? And is it possible, without too much work?

To be honest, I'm not entirely clear what the "new adapter functionality" actually means. If it means IXFR, and reading zone updates from a DB, then I'm not sure how much value the auditor can usefully add (other than checking individual RRSIGs, which are pretty much working correctly now). Key lifetime tracking can still be performed - but, IMHO, it would be better done by a monitor process watching the (possibly private) nameserver (as we have for .uk), rather than an in-line auditor process.

If folks disagree, I'd be quite happy to write a new, stripped-down auditor which only did key lifetime and RRSIG checking. Again, I wouldn't see this as being the default installation option.



More information about the Opendnssec-develop mailing list