From owner-dnssec-trac at kirei.se Wed Nov 2 08:35:12 2011 From: owner-dnssec-trac at kirei.se (OpenDNSSEC) Date: Wed, 02 Nov 2011 08:35:12 -0000 Subject: [Opendnssec-develop] =?utf-8?b?UmU6IFtPcGVuRE5TU0VDXSAjMjYzOiBV?= =?utf-8?q?buntu_pakkage_dpkgopendnssec-enforcer-mysql_broken_=C3=A2=5E?= =?utf-8?b?w4hew5JtYWludHNjcmlwdMOiXsOIXsOSaGVscGVy?= In-Reply-To: <050.f87d69e20a1058133bf07b108e670c75@kirei.se> References: <050.f87d69e20a1058133bf07b108e670c75@kirei.se> Message-ID: <065.259828c9d73277f30da8a3b344b1a9d1@kirei.se> #263: Ubuntu pakkage dpkgopendnssec-enforcer-mysql broken ?^?^?maintscript?^?^?helper -------------------------+-------------------------------------------------- Reporter: bas@? | Owner: sion Type: defect | Status: closed Priority: trivial | Component: Enforcer Version: 1.3.0 | Resolution: invalid Keywords: | -------------------------+-------------------------------------------------- Changes (by rb): * status: new => closed * resolution: => invalid Comment: Please contact the package maintainer for !Ubuntu/Debian, Ond?ej Sur?. https://launchpad.net/~pkg-opendnssec/+archive/ppa/ http://packages.debian.org/sid/opendnssec -- Ticket URL: OpenDNSSEC OpenDNSSEC From rickard at opendnssec.org Wed Nov 2 08:38:21 2011 From: rickard at opendnssec.org (Rickard Bellgrim) Date: Wed, 2 Nov 2011 09:38:21 +0100 Subject: [Opendnssec-develop] Release OpenDNSSEC 1.3.3 Message-ID: Hi There are now a number of fixes that we would like to release for the 1.3.3. Are there anything else that needs to be included or are not finished? Bugfix #262? // Rickard From matthijs at NLnetLabs.nl Wed Nov 2 08:44:38 2011 From: matthijs at NLnetLabs.nl (Matthijs Mekking) Date: Wed, 02 Nov 2011 09:44:38 +0100 Subject: [Opendnssec-develop] Release OpenDNSSEC 1.3.3 In-Reply-To: References: Message-ID: <4EB102F6.5050707@nlnetlabs.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 * Auditor cannot handle smtp TXT RRs https://www.pivotaltracker.com/story/show/20066019 * Auditor cannot handle SSHFP RRs https://www.pivotaltracker.com/story/show/20065971 * NSEC3PARAM left in records after switch NSEC3->NSEC https://www.pivotaltracker.com/story/show/19686881 (is done, but needs to be accepted) And two less reproducible issues: * ods-signer killed / ods-auditor defunct (.ie) But this issue has not been nailed down yet. * Wytze from CAcert reported that if you issue a ds-seen after the KSK lifetime has passed, you cannot finish the rollover. Haven't investigated this yet. Best regards, Matthijs On 11/02/2011 09:38 AM, Rickard Bellgrim wrote: > Hi > > There are now a number of fixes that we would like to release for the > 1.3.3. Are there anything else that needs to be included or are not > finished? > > Bugfix #262? > > // Rickard > _______________________________________________ > Opendnssec-develop mailing list > Opendnssec-develop at lists.opendnssec.org > https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJOsQL2AAoJEA8yVCPsQCW5NTsIAImS6Oap4iuWoA9p3O+kiRCo dH1mZty/wTLXrCCu7HVxa8YqjOVBJatgBJ7DUUEC6KC9oDemQhS/b7xg3fc+3RsH CVOCS1+9Hcz1eYKlzbXvzuLY9JidZz+b08I7lDhdlvfBcwPydFt4tL0D05ivi3ml u3Mn+YTU04PAwL3LeRluLekETjutUrrcOyZzXO9rQkWKhXKQCar1CyuTlTNZjsMS +/W8ae2jeQ2rUDyqsJzOMa6EduOKE/yq04Tf47yLz0KFrpdSliG+HAxiII4L/CDi QIY+j3TWBwY2WwReFDpZkxGnWEPJRXNDp+AOZs1eqlGBfPsWhNRYM0TilCX8J8Q= =82at -----END PGP SIGNATURE----- From rickard at opendnssec.org Wed Nov 2 09:18:51 2011 From: rickard at opendnssec.org (Rickard Bellgrim) Date: Wed, 2 Nov 2011 10:18:51 +0100 Subject: [Opendnssec-develop] Meeting in Stockholm Message-ID: Hi I have written a draft agenda for the Stockholm meeting. It is not complete and I know I have more topics to add. I created it so that you can participate in the creation of it. Please fill it with more interesting topics: https://wiki.opendnssec.org/display/OpenDNSSEC/2011-11-10+Agenda // Rickard From AlexD at nominet.org.uk Wed Nov 2 09:36:09 2011 From: AlexD at nominet.org.uk (Alex Dalitz) Date: Wed, 2 Nov 2011 09:36:09 +0000 Subject: [Opendnssec-develop] Release OpenDNSSEC 1.3.3 In-Reply-To: <4EB102F6.5050707@nlnetlabs.nl> References: <4EB102F6.5050707@nlnetlabs.nl> Message-ID: Hi - On 2 Nov 2011, at 08:44, Matthijs Mekking wrote: > * Auditor cannot handle smtp TXT RRs > https://www.pivotaltracker.com/story/show/20066019 > > * Auditor cannot handle SSHFP RRs > https://www.pivotaltracker.com/story/show/20065971 > > And two less reproducible issues: > > * ods-signer killed / ods-auditor defunct (.ie) > But this issue has not been nailed down yet. I'm now back online, and hope to be able to look at these issues in the next few days. HTH, Alex. From jerry at opendnssec.org Wed Nov 2 13:31:50 2011 From: jerry at opendnssec.org (Jerry =?ISO-8859-1?B?THVuZHN0cvZt?=) Date: Wed, 02 Nov 2011 14:31:50 +0100 Subject: [Opendnssec-develop] Moving to JIRA today, closing pivotal at 15.00 CET In-Reply-To: Message-ID: Hi, We will close pivotal today at 15.00 and then import all issues to JIRA. After that it will take some time to move the active issues into the right project and the history will be kept in separate import/history project. There are some changes to the structure that was described in other emails. There will only be one Support project. The versions in this project will be prefixed by OpenDNSSEC/SoftHSM. All components from the development projects will be included and mixed together. We won't be enabling creating issues via email, so email will only be used for status updates. If you have any objections, its in due time to speak up :) /Jerry From sara at sinodun.com Wed Nov 2 13:52:47 2011 From: sara at sinodun.com (Sara Dickinson) Date: Wed, 2 Nov 2011 14:52:47 +0100 Subject: [Opendnssec-develop] RE: RIPE 63 OAD Meeting minutes Message-ID: <76D1BB5C-2505-425B-BB71-7FB2F6B4E6AA@sinodun.com> All, The minutes from the meeting yesterday are available for review here: https://wiki.opendnssec.org/display/OAB/RIPE+63+OAB+meeting - You will need a Confluence login to view them. Sign up through the webpage and Jakob can approve the request. - Please let me know if any corrections are required. - Since it wasn't clear if the minutes were public or not... I suggest we publish just the "Key updates and Action items" to the public wiki to save some reading for everyone.... I'll do this next Monday unless anyone objects? - There are 2 action items not assigned to anyone - volunteers welcome! Sara. -------------- next part -------------- An HTML attachment was scrubbed... URL: From jakob at kirei.se Wed Nov 2 14:03:18 2011 From: jakob at kirei.se (Jakob Schlyter) Date: Wed, 2 Nov 2011 15:03:18 +0100 Subject: [Opendnssec-develop] RE: RIPE 63 OAD Meeting minutes In-Reply-To: <76D1BB5C-2505-425B-BB71-7FB2F6B4E6AA@sinodun.com> References: <76D1BB5C-2505-425B-BB71-7FB2F6B4E6AA@sinodun.com> Message-ID: On 2 nov 2011, at 14:52, Sara Dickinson wrote: > The minutes from the meeting yesterday are available for review here: ... for OAB members only at this point. The minutes will be made public later. jakob From jerry at opendnssec.org Wed Nov 2 15:29:52 2011 From: jerry at opendnssec.org (Jerry =?ISO-8859-1?B?THVuZHN0cvZt?=) Date: Wed, 02 Nov 2011 16:29:52 +0100 Subject: [Opendnssec-develop] Re: Moving to JIRA today, closing pivotal at 15.00 CET In-Reply-To: Message-ID: Everything is imported now. Issues for iteration 125 are mapped to version 1.3.3, for iteration 126 its put in the right one (1.4.0/1.5.0/2.0.0). For everything is the Icebox its now in a "Future Release"-version. I hope it works! /Jerry From jakob at kirei.se Wed Nov 2 17:27:26 2011 From: jakob at kirei.se (Jakob Schlyter) Date: Wed, 2 Nov 2011 18:27:26 +0100 Subject: [Opendnssec-develop] Moving to JIRA today, closing pivotal at 15.00 CET In-Reply-To: References: Message-ID: <3307025A-4349-40C7-BAE5-1334B7C1D7EF@kirei.se> On 2 nov 2011, at 16:29, Jerry Lundstr?m wrote: > I hope it works! Nice work! bugs.opendnssec.org is now redirected to JIRA and new tickets in track has been disabled. Could you send an update to the users list describing the new bug report procedures? jakob From jerry at opendnssec.org Thu Nov 3 08:37:56 2011 From: jerry at opendnssec.org (=?ISO-8859-1?Q?Jerry_Lundstr=F6m?=) Date: Thu, 3 Nov 2011 09:37:56 +0100 Subject: [Opendnssec-develop] Moving to JIRA today, closing pivotal at 15.00 CET In-Reply-To: <3307025A-4349-40C7-BAE5-1334B7C1D7EF@kirei.se> References: <3307025A-4349-40C7-BAE5-1334B7C1D7EF@kirei.se> Message-ID: <-6189849711916525012@unknownmsgid> Ofc but I want to make a wiki page about JIRA and all of the work flows :) Right now there is a bit more work needed to be done. When I imported it wanted a reporter for some issues and it apparently replaced all reporters on a bunch of issues instead of filling in the missing ones. So I will have to manually go through some 100+ issues and fix it :) /Jerry On 2 nov 2011, at 18:27, Jakob Schlyter wrote: > On 2 nov 2011, at 16:29, Jerry Lundstr?m wrote: > >> I hope it works! > > Nice work! > > bugs.opendnssec.org is now redirected to JIRA and new tickets in track has been disabled. > > Could you send an update to the users list describing the new bug report procedures? > > jakob > From jerry at opendnssec.org Thu Nov 3 11:43:08 2011 From: jerry at opendnssec.org (Jerry =?ISO-8859-1?B?THVuZHN0cvZt?=) Date: Thu, 03 Nov 2011 12:43:08 +0100 Subject: [Opendnssec-develop] Moving to JIRA today, closing pivotal at 15.00 CET In-Reply-To: <-6189849711916525012@unknownmsgid> Message-ID: On 2011-11-03 09.37, Jerry Lundstr?m wrote: >Right now there is a bit more work needed to be done. When I imported >it wanted a reporter for some issues and it apparently replaced all >reporters on a bunch of issues instead of filling in the missing ones. >So I will have to manually go through some 100+ issues and fix it :) So I have fixed most of the reporters now and there was some 70+ email going out also. I had to select a priority on the issues I changed so I picked Minor, so please check the issues your a reporter for and change the priority if its not correct. It would be good if everyone looks at the issues that are assign to them and if you don't feel its your issues set the assignee to unassigned. /Jerry From roland.vanrijswijk at surfnet.nl Thu Nov 3 11:46:29 2011 From: roland.vanrijswijk at surfnet.nl (Roland van Rijswijk) Date: Thu, 03 Nov 2011 12:46:29 +0100 (CET) Subject: [Opendnssec-develop] JIRA VM restart at 16h today Message-ID: <45AB42E0-A13C-422A-A777-D1420F422D4E@surfnet.nl> Hi all, To improve the performance of the JIRA VM, I have asked Prolocation to add more memory to the VM. This requires a restart which we have scheduled for 16h CET today. Cheers, Roland From Roland.vanRijswijk at surfnet.nl Fri Nov 4 12:50:32 2011 From: Roland.vanRijswijk at surfnet.nl (Roland van Rijswijk) Date: Fri, 4 Nov 2011 13:50:32 +0100 Subject: [Opendnssec-develop] JIRA performance improved? Message-ID: <5E951DA7-1D8D-4864-ABC9-1A5DF7B052DC@surfnet.nl> Hi all, Quick question: we upgraded the JIRA VM yesterday to give it some more memory. My experience is that the performance has improved, can you guys confirm this? If so, I can close the ticket, otherwise I'll have to ask the sysadmins to look into it some more. Cheers, Roland -- Roland M. van Rijswijk -- SURFnet Middleware Services -- t: +31-30-2305388 -- e: roland.vanrijswijk at surfnet.nl From matthijs at NLnetLabs.nl Fri Nov 4 12:52:23 2011 From: matthijs at NLnetLabs.nl (Matthijs Mekking) Date: Fri, 04 Nov 2011 13:52:23 +0100 Subject: [Opendnssec-develop] JIRA performance improved? In-Reply-To: <5E951DA7-1D8D-4864-ABC9-1A5DF7B052DC@surfnet.nl> References: <5E951DA7-1D8D-4864-ABC9-1A5DF7B052DC@surfnet.nl> Message-ID: <4EB3E007.8080906@nlnetlabs.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Works much better for me. Faster and it even loads the css now! Best regards, Matthijs On 11/04/2011 01:50 PM, Roland van Rijswijk wrote: > Hi all, > > Quick question: we upgraded the JIRA VM yesterday to give it some more memory. My experience is that the performance has improved, can you guys confirm this? If so, I can close the ticket, otherwise I'll have to ask the sysadmins to look into it some more. > > Cheers, > > Roland > > -- Roland M. van Rijswijk > -- SURFnet Middleware Services > -- t: +31-30-2305388 > -- e: roland.vanrijswijk at surfnet.nl > > _______________________________________________ > Opendnssec-develop mailing list > Opendnssec-develop at lists.opendnssec.org > https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJOs+AHAAoJEA8yVCPsQCW5Rb4H+wXU4I5L5szI6/7RvZncSOEr 6mtycuUbhcm3PGrypbP2SOY/EadEUai9RpbriGbiw4vVZqOhkmhjWfvCnBrE9S4m P4jKe4MkyeTjPXrNn+OUWHTbxaAX8b7uzE9VZB/HAP6TCM+MXzEt7vL4xoydr3XD 1PqZVkEwB2wdwQfL3pExFkQdQ21EN/McXvFTelxtUHnIkPZs6g8hjvfoFne4sP3t 3ip0AUmi1p0YEdMVzOsJJSHrG6nta/JTGUsnLSuZLYOV4z3uTcsn8gBBW38ZI7jg Aed/gzrx6QtO4pKPtaSWve7RKj2EmSAbDXvLoWzDn4XZ3z6malzuYw35rv+lGdo= =hnO6 -----END PGP SIGNATURE----- From AlexD at nominet.org.uk Fri Nov 4 13:01:07 2011 From: AlexD at nominet.org.uk (Alex Dalitz) Date: Fri, 4 Nov 2011 13:01:07 +0000 Subject: [Opendnssec-develop] OpenDNSSEC 1.4 and the auditor Message-ID: Hi - The auditor has been a useful testing and debugging tool doing the early releases of OpenDNSSEC. However, it has complicated the build system with its dependency on Ruby. It has been a long time since the auditor found a genuine problem with OpenDNSSEC - instead, it has been the cause of several issues which have confused users. There are now other tools available which can check the contents of signed zones - although these may not provide all of the policy checks provided by the auditor, they do check many DNSSEC attributes (e.g. NSEC(3) chains, RRSIGs, etc.). It seems to me that it is now time to retire the auditor, starting from version 1.4. This would also remove all the nasty Ruby dependencies from OpenDNSSEC. What does everyone else think? Thanks, Alex. From nick.vandenheuvel at sidn.nl Fri Nov 4 13:07:06 2011 From: nick.vandenheuvel at sidn.nl (Nick van den Heuvel) Date: Fri, 4 Nov 2011 13:07:06 +0000 Subject: [Opendnssec-develop] RE: OpenDNSSEC 1.4 and the auditor In-Reply-To: References: Message-ID: <8379DE00FDBE1B4F95522D088EC260DD145545@kambx2.SIDN.local> Hi Alex, Maybe it's wise to consult our users. I can imagine that some of them use the auditor in their signing process. On the other hand if we have a clear overview of our development and test processes we can remove the auditor from OpenDNSSEC. Regards, Nick Met vriendelijke groet, Nick van den Heuvel Test analist SIDN | Meander 501 | 6825 MD | Postbus 5022 | 6802 EA | ARNHEM T +31 (0)26 352 55 93 | F +31 (0)26 352 55 05 | jabber: nick.vandenheuvel at jabber.sidn.nl nick.vandenheuvel at sidn.nl | www.sidn.nl SIDN heeft een nieuw domein! Sinds 31 oktober zijn wij gevestigd op een nieuw adres: Meander 501, 6825 MD Arnhem. Het postadres en de telefoonnummers blijven ongewijzigd. SIDN has a new domain! Since 31 October, our office address is: Meander 501, 6825 MD Arnhem, The Netherlands. Our postal address and phone numbers remain unchanged. -----Original Message----- From: opendnssec-develop-bounces at lists.opendnssec.org [mailto:opendnssec-develop-bounces at lists.opendnssec.org] On Behalf Of Alex Dalitz Sent: vrijdag 4 november 2011 14:01 To: Subject: [Opendnssec-develop] OpenDNSSEC 1.4 and the auditor Hi - The auditor has been a useful testing and debugging tool doing the early releases of OpenDNSSEC. However, it has complicated the build system with its dependency on Ruby. It has been a long time since the auditor found a genuine problem with OpenDNSSEC - instead, it has been the cause of several issues which have confused users. There are now other tools available which can check the contents of signed zones - although these may not provide all of the policy checks provided by the auditor, they do check many DNSSEC attributes (e.g. NSEC(3) chains, RRSIGs, etc.). It seems to me that it is now time to retire the auditor, starting from version 1.4. This would also remove all the nasty Ruby dependencies from OpenDNSSEC. What does everyone else think? Thanks, Alex._______________________________________________ Opendnssec-develop mailing list Opendnssec-develop at lists.opendnssec.org https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop From jakob at kirei.se Fri Nov 4 13:11:19 2011 From: jakob at kirei.se (Jakob Schlyter) Date: Fri, 4 Nov 2011 14:11:19 +0100 Subject: [Opendnssec-develop] OpenDNSSEC 1.4 and the auditor In-Reply-To: References: Message-ID: On 4 nov 2011, at 14:01, Alex Dalitz wrote: > It seems to me that it is now time to retire the auditor, starting from version 1.4. This would also remove all the nasty Ruby dependencies from OpenDNSSEC. > > What does everyone else think? I believe is the right decision and we came to the same conclusion at the OAB meeting earlier this week. We did however suggest that the auditor is kept in the tree (i.e., in trunk/auditor) and that the hook to call an auditor (which could be the legacy one, or something like validns) is kept in the signer engine. jakob -- Jakob Schlyter Kirei AB - http://www.kirei.se/ From nick.vandenheuvel at sidn.nl Fri Nov 4 13:13:34 2011 From: nick.vandenheuvel at sidn.nl (Nick van den Heuvel) Date: Fri, 4 Nov 2011 13:13:34 +0000 Subject: [Opendnssec-develop] OpenDNSSEC 1.4 and the auditor In-Reply-To: References: Message-ID: <8379DE00FDBE1B4F95522D088EC260DD145557@kambx2.SIDN.local> So auditor default off in OpenDNSSEC? Met vriendelijke groet, Nick van den Heuvel Test analist SIDN | Meander 501 | 6825 MD | Postbus 5022 | 6802 EA | ARNHEM T +31 (0)26 352 55 93 | F +31 (0)26 352 55 05 | jabber: nick.vandenheuvel at jabber.sidn.nl nick.vandenheuvel at sidn.nl | www.sidn.nl SIDN heeft een nieuw domein! Sinds 31 oktober zijn wij gevestigd op een nieuw adres: Meander 501, 6825 MD Arnhem. Het postadres en de telefoonnummers blijven ongewijzigd. SIDN has a new domain! Since 31 October, our office address is: Meander 501, 6825 MD Arnhem, The Netherlands. Our postal address and phone numbers remain unchanged. -----Original Message----- From: opendnssec-develop-bounces at lists.opendnssec.org [mailto:opendnssec-develop-bounces at lists.opendnssec.org] On Behalf Of Jakob Schlyter Sent: vrijdag 4 november 2011 14:11 To: Alex Dalitz Cc: Subject: Re: [Opendnssec-develop] OpenDNSSEC 1.4 and the auditor On 4 nov 2011, at 14:01, Alex Dalitz wrote: > It seems to me that it is now time to retire the auditor, starting from version 1.4. This would also remove all the nasty Ruby dependencies from OpenDNSSEC. > > What does everyone else think? I believe is the right decision and we came to the same conclusion at the OAB meeting earlier this week. We did however suggest that the auditor is kept in the tree (i.e., in trunk/auditor) and that the hook to call an auditor (which could be the legacy one, or something like validns) is kept in the signer engine. jakob -- Jakob Schlyter Kirei AB - http://www.kirei.se/ _______________________________________________ Opendnssec-develop mailing list Opendnssec-develop at lists.opendnssec.org https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop From rickard at opendnssec.org Fri Nov 4 13:14:58 2011 From: rickard at opendnssec.org (Rickard Bellgrim) Date: Fri, 4 Nov 2011 14:14:58 +0100 Subject: [Opendnssec-develop] JIRA performance improved? In-Reply-To: <4EB3E007.8080906@nlnetlabs.nl> References: <5E951DA7-1D8D-4864-ABC9-1A5DF7B052DC@surfnet.nl> <4EB3E007.8080906@nlnetlabs.nl> Message-ID: Much better, thanks! On Fri, Nov 4, 2011 at 1:52 PM, Matthijs Mekking wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Works much better for me. Faster and it even loads the css now! > > Best regards, > Matthijs > > On 11/04/2011 01:50 PM, Roland van Rijswijk wrote: >> Hi all, >> >> Quick question: we upgraded the JIRA VM yesterday to give it some more memory. My experience is that the performance has improved, can you guys confirm this? If so, I can close the ticket, otherwise I'll have to ask the sysadmins to look into it some more. >> >> Cheers, >> >> Roland >> >> -- Roland M. van Rijswijk >> -- SURFnet Middleware Services >> -- t: +31-30-2305388 >> -- e: roland.vanrijswijk at surfnet.nl >> >> _______________________________________________ >> Opendnssec-develop mailing list >> Opendnssec-develop at lists.opendnssec.org >> https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop >> > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.11 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iQEcBAEBAgAGBQJOs+AHAAoJEA8yVCPsQCW5Rb4H+wXU4I5L5szI6/7RvZncSOEr > 6mtycuUbhcm3PGrypbP2SOY/EadEUai9RpbriGbiw4vVZqOhkmhjWfvCnBrE9S4m > P4jKe4MkyeTjPXrNn+OUWHTbxaAX8b7uzE9VZB/HAP6TCM+MXzEt7vL4xoydr3XD > 1PqZVkEwB2wdwQfL3pExFkQdQ21EN/McXvFTelxtUHnIkPZs6g8hjvfoFne4sP3t > 3ip0AUmi1p0YEdMVzOsJJSHrG6nta/JTGUsnLSuZLYOV4z3uTcsn8gBBW38ZI7jg > Aed/gzrx6QtO4pKPtaSWve7RKj2EmSAbDXvLoWzDn4XZ3z6malzuYw35rv+lGdo= > =hnO6 > -----END PGP SIGNATURE----- > _______________________________________________ > Opendnssec-develop mailing list > Opendnssec-develop at lists.opendnssec.org > https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop > From jakob at kirei.se Fri Nov 4 13:17:22 2011 From: jakob at kirei.se (Jakob Schlyter) Date: Fri, 4 Nov 2011 14:17:22 +0100 Subject: [Opendnssec-develop] OpenDNSSEC 1.4 and the auditor In-Reply-To: <8379DE00FDBE1B4F95522D088EC260DD145557@kambx2.SIDN.local> References: <8379DE00FDBE1B4F95522D088EC260DD145557@kambx2.SIDN.local> Message-ID: <9E03099C-DC27-45BE-AE41-8FA699FAB9C1@kirei.se> On 4 nov 2011, at 14:13, Nick van den Heuvel wrote: > So auditor default off in OpenDNSSEC? Yes, the auditor is already default off in trunk/ (to be 1.4). After 1.4 has been release, we'll move it out of the tree. jakob From AlexD at nominet.org.uk Fri Nov 4 13:18:12 2011 From: AlexD at nominet.org.uk (Alex Dalitz) Date: Fri, 4 Nov 2011 13:18:12 +0000 Subject: [Opendnssec-develop] OpenDNSSEC 1.4 and the auditor In-Reply-To: <8379DE00FDBE1B4F95522D088EC260DD145557@kambx2.SIDN.local> References: <8379DE00FDBE1B4F95522D088EC260DD145557@kambx2.SIDN.local> Message-ID: > So auditor default off in OpenDNSSEC? I think the auditor is _already_ default off. I was proposing removing it from the build system, so it wasn't even installed. Jakob is suggesting keeping it in the source tree, outside of the OpenDNSSEC project, but leaving hooks in the signer in case a user wishes to install it separately. I'm not sure if this requires keeping the auditor up to date - and, if so, whether it is worth the effort. Alex. From AlexD at nominet.org.uk Fri Nov 4 13:19:10 2011 From: AlexD at nominet.org.uk (Alex Dalitz) Date: Fri, 4 Nov 2011 13:19:10 +0000 Subject: [Opendnssec-develop] OpenDNSSEC 1.4 and the auditor In-Reply-To: <9E03099C-DC27-45BE-AE41-8FA699FAB9C1@kirei.se> References: <8379DE00FDBE1B4F95522D088EC260DD145557@kambx2.SIDN.local> <9E03099C-DC27-45BE-AE41-8FA699FAB9C1@kirei.se> Message-ID: <0040DD18-D8A6-4FA9-AF4A-85206EFFC956@nominet.org.uk> > Yes, the auditor is already default off in trunk/ (to be 1.4). After 1.4 has been release, we'll move it out of the tree. _AFTER_ the 1.4 release? I had been assuming removal after the 1.3 branch... Alex. From jakob at kirei.se Fri Nov 4 14:28:04 2011 From: jakob at kirei.se (Jakob Schlyter) Date: Fri, 4 Nov 2011 15:28:04 +0100 Subject: [Opendnssec-develop] OpenDNSSEC 1.4 and the auditor In-Reply-To: <0040DD18-D8A6-4FA9-AF4A-85206EFFC956@nominet.org.uk> References: <8379DE00FDBE1B4F95522D088EC260DD145557@kambx2.SIDN.local> <9E03099C-DC27-45BE-AE41-8FA699FAB9C1@kirei.se> <0040DD18-D8A6-4FA9-AF4A-85206EFFC956@nominet.org.uk> Message-ID: On 4 nov 2011, at 14:19, Alex Dalitz wrote: >> Yes, the auditor is already default off in trunk/ (to be 1.4). After 1.4 has been release, we'll move it out of the tree. > > _AFTER_ the 1.4 release? I had been assuming removal after the 1.3 branch... We'll discuss this in Stockholm, although I agree that we might want to remove it earlier (asap). jakob From rickard at opendnssec.org Mon Nov 7 13:32:45 2011 From: rickard at opendnssec.org (Rickard Bellgrim) Date: Mon, 7 Nov 2011 14:32:45 +0100 Subject: [Opendnssec-develop] Moving to JIRA today, closing pivotal at 15.00 CET In-Reply-To: References: Message-ID: > We will close pivotal today at 15.00 and then import all issues to JIRA. > After that it will take some time to move the active issues into the right > project and the history will be kept in separate import/history project. Does this mean that we can close down the Pivotal Tracker? And stop using it? And only use Jira? // Rickard From jakob at kirei.se Mon Nov 7 13:34:36 2011 From: jakob at kirei.se (Jakob Schlyter) Date: Mon, 7 Nov 2011 14:34:36 +0100 Subject: [Opendnssec-develop] Moving to JIRA today, closing pivotal at 15.00 CET In-Reply-To: References: Message-ID: <2EE19CC6-89FF-4003-AE74-6E7396800A8A@kirei.se> On 7 nov 2011, at 14:32, Rickard Bellgrim wrote: >> We will close pivotal today at 15.00 and then import all issues to JIRA. >> After that it will take some time to move the active issues into the right >> project and the history will be kept in separate import/history project. > > Does this mean that we can close down the Pivotal Tracker? No, it is kept as read-only for now. > And stop using it? Yes. > And only use Jira? Yes. j From rickard at opendnssec.org Mon Nov 7 14:21:55 2011 From: rickard at opendnssec.org (Rickard Bellgrim) Date: Mon, 7 Nov 2011 15:21:55 +0100 Subject: [Opendnssec-develop] Release OpenDNSSEC 1.3.3 In-Reply-To: <4EB102F6.5050707@nlnetlabs.nl> References: <4EB102F6.5050707@nlnetlabs.nl> Message-ID: Hi Some status update on this release: *** OPENDNSSEC-18 NSEC3PARAM left in records after switch NSEC3->NSEC Waiting for testing by Jerry *** OPENDNSSEC-17 Auditor cannot handle SSHFP RRs Waiting for testing by Matthijs *** OPENDNSSEC-16 Auditor cannot handle smtp TXT RRs Waiting for testing by Matthijs *** OPENDNSSEC-20 Not setting the retire time Waiting for port to 1.3 branch *** OPENDNSSEC-8 Auditor should log exit code Waiting for testing by Jakob *** Require newer version of dnsruby Release new version of dnsruby, once all fixes has been accepted. **** OPENDNSSEC-25 Add support for enforcing policy for a root zone Is this one fixed? > * ods-signer killed / ods-auditor defunct (.ie) > ?But this issue has not been nailed down yet. Have we created an issue for this one? > * Wytze from CAcert reported that if you issue a ds-seen > ?after the KSK lifetime has passed, you cannot finish > ?the rollover. Haven't investigated this yet. Have we created an issue for this one? // Rickard From jerry at opendnssec.org Tue Nov 8 08:46:27 2011 From: jerry at opendnssec.org (Jerry =?ISO-8859-1?B?THVuZHN0cvZt?=) Date: Tue, 08 Nov 2011 09:46:27 +0100 Subject: [Opendnssec-develop] Release OpenDNSSEC 1.3.3 In-Reply-To: Message-ID: On 2011-11-07 15.21, Rickard Bellgrim wrote: >*** OPENDNSSEC-18 NSEC3PARAM left in records after switch NSEC3->NSEC >Waiting for testing by Jerry Could someone else verify this please? My environments are not set up for this right now. /Jerry From matthijs at NLnetLabs.nl Tue Nov 8 09:19:32 2011 From: matthijs at NLnetLabs.nl (Matthijs Mekking) Date: Tue, 08 Nov 2011 10:19:32 +0100 Subject: [Opendnssec-develop] Release OpenDNSSEC 1.3.3 In-Reply-To: References: <4EB102F6.5050707@nlnetlabs.nl> Message-ID: <4EB8F424.9050404@nlnetlabs.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 11/07/2011 03:21 PM, Rickard Bellgrim wrote: > Hi > > Some status update on this release: > > *** OPENDNSSEC-18 NSEC3PARAM left in records after switch NSEC3->NSEC > Waiting for testing by Jerry > > *** OPENDNSSEC-17 Auditor cannot handle SSHFP RRs > Waiting for testing by Matthijs Done. > > *** OPENDNSSEC-16 Auditor cannot handle smtp TXT RRs > Waiting for testing by Matthijs Done. > > *** OPENDNSSEC-20 Not setting the retire time > Waiting for port to 1.3 branch > > *** OPENDNSSEC-8 Auditor should log exit code > Waiting for testing by Jakob > > *** Require newer version of dnsruby > Release new version of dnsruby, once all fixes has been accepted. > > **** OPENDNSSEC-25 Add support for enforcing policy for a root zone > Is this one fixed? > >> * ods-signer killed / ods-auditor defunct (.ie) >> But this issue has not been nailed down yet. > > Have we created an issue for this one? No. > >> * Wytze from CAcert reported that if you issue a ds-seen >> after the KSK lifetime has passed, you cannot finish >> the rollover. Haven't investigated this yet. > > Have we created an issue for this one? No. Matthijs -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJOuPQkAAoJEA8yVCPsQCW51vIH/jYrbX8gYCWpCgghlNp2ohVX JtS6/E8RMlrruBNECmsygvmzGl32oKxjU84sgnEbWmXveTYdiVvNeiEVC7roCWN1 1XvqhKUWGKD5MBziU9zXQgvLMBcLl9uCO4evG5XxlA/IU/izPlxcyAjZxrK1HR9L G5nRDFQWzoylXb/RETj6Q/776Uemk5ISf3RwWWXMYsH/d28QklbMzH/kdUQqFb44 wOb4w9yc/zSo7h1dYm5yJsA4cps7zEPWEjZ6tl1GH9cZCN0pe8AwKsTfA5uLfsR/ XrF0UIGgY5sERFpahHiQMBb0fuw6DUYUybMnoQQR6sLkLWyVwUmq1RboPkuabDE= =GOCV -----END PGP SIGNATURE----- From sion at nominet.org.uk Tue Nov 8 09:30:46 2011 From: sion at nominet.org.uk (=?ISO-8859-1?Q?Si=F4n_Lloyd?=) Date: Tue, 8 Nov 2011 09:30:46 +0000 Subject: [Opendnssec-develop] Release OpenDNSSEC 1.3.3 In-Reply-To: References: <4EB102F6.5050707@nlnetlabs.nl> Message-ID: <4EB8F6C6.1060309@nominet.org.uk> On 07/11/11 14:21, Rickard Bellgrim wrote: > Hi > > Some status update on this release: > > > *** OPENDNSSEC-20 Not setting the retire time > Waiting for port to 1.3 branch I'll work on that today. > **** OPENDNSSEC-25 Add support for enforcing policy for a root zone > Is this one fixed? I think it is, but maybe not in the 1.3 branch... I'll check that today also. From rickard at opendnssec.org Tue Nov 8 10:24:50 2011 From: rickard at opendnssec.org (Rickard Bellgrim) Date: Tue, 8 Nov 2011 11:24:50 +0100 Subject: [Opendnssec-develop] Release OpenDNSSEC 1.3.3 In-Reply-To: References: Message-ID: >>*** OPENDNSSEC-18 NSEC3PARAM left in records after switch NSEC3->NSEC >>Waiting for testing by Jerry > > Could someone else verify this please? > > My environments are not set up for this right now. Done From rickard at opendnssec.org Tue Nov 8 10:27:49 2011 From: rickard at opendnssec.org (Rickard Bellgrim) Date: Tue, 8 Nov 2011 11:27:49 +0100 Subject: [Opendnssec-develop] Release OpenDNSSEC 1.3.3 In-Reply-To: <4EB8F424.9050404@nlnetlabs.nl> References: <4EB102F6.5050707@nlnetlabs.nl> <4EB8F424.9050404@nlnetlabs.nl> Message-ID: >>> * ods-signer killed / ods-auditor defunct (.ie) >>> ?But this issue has not been nailed down yet. >> >> Have we created an issue for this one? > > No. Status? Should we create a story for this one for the 1.3.4 release? >>> * Wytze from CAcert reported that if you issue a ds-seen >>> ?after the KSK lifetime has passed, you cannot finish >>> ?the rollover. Haven't investigated this yet. >> >> Have we created an issue for this one? > > No. Sion, could you create a story for this one and investigate it? Add it to the 1.3.4 release. From roy at nominet.org.uk Tue Nov 8 12:19:05 2011 From: roy at nominet.org.uk (Roy Arends) Date: Tue, 8 Nov 2011 12:19:05 +0000 Subject: [Opendnssec-develop] OpenDNSSEC 1.4 and the auditor In-Reply-To: Message-ID: Hi all, I understand the auditor is default _off_ in ODS1.3. I see no point in keeping it in ODS1.4, and therefor want it removed completely. Alex will fix bugs, if any, on the older versions. Roy On 11/4/11 2:28 PM, "Jakob Schlyter" wrote: >On 4 nov 2011, at 14:19, Alex Dalitz wrote: > >>> Yes, the auditor is already default off in trunk/ (to be 1.4). After >>>1.4 has been release, we'll move it out of the tree. >> >> _AFTER_ the 1.4 release? I had been assuming removal after the 1.3 >>branch... > >We'll discuss this in Stockholm, although I agree that we might want to >remove it earlier (asap). > > jakob > >_______________________________________________ >Opendnssec-develop mailing list >Opendnssec-develop at lists.opendnssec.org >https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop From matthijs at NLnetLabs.nl Tue Nov 8 12:40:41 2011 From: matthijs at NLnetLabs.nl (Matthijs Mekking) Date: Tue, 08 Nov 2011 13:40:41 +0100 Subject: [Opendnssec-develop] OpenDNSSEC 1.4 and the auditor In-Reply-To: References: Message-ID: <4EB92349.1040400@nlnetlabs.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 We'll have to discuss this week in more detail how the auditing process will work in 1.4. My first suggestion was an optional element in conf.xml /path_to_auditor/binary -z %zone ... which will be called by the signer instead of the current auditor. We'll have to make sure there are substitutes possible for zone name, config file, working directory, unsigned file, signed file. This will differ for DNS Adapters (compared to File Adapters). Perhaps an Auditor API is needed? By the way, 1.3 still has the auditor enabled by default. Best regards, Matthijs On 11/08/2011 01:19 PM, Roy Arends wrote: > Hi all, > > I understand the auditor is default _off_ in ODS1.3. I see no point in > keeping it in ODS1.4, and therefor want it removed completely. Alex will > fix bugs, if any, on the older versions. > > Roy > > > > On 11/4/11 2:28 PM, "Jakob Schlyter" wrote: > >> On 4 nov 2011, at 14:19, Alex Dalitz wrote: >> >>>> Yes, the auditor is already default off in trunk/ (to be 1.4). After >>>> 1.4 has been release, we'll move it out of the tree. >>> >>> _AFTER_ the 1.4 release? I had been assuming removal after the 1.3 >>> branch... >> >> We'll discuss this in Stockholm, although I agree that we might want to >> remove it earlier (asap). >> >> jakob >> >> _______________________________________________ >> Opendnssec-develop mailing list >> Opendnssec-develop at lists.opendnssec.org >> https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop > > _______________________________________________ > Opendnssec-develop mailing list > Opendnssec-develop at lists.opendnssec.org > https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJOuSNJAAoJEA8yVCPsQCW5gv0H/0CiD/IUIl4Hbq++ya+5cJ/L hU82rD+OAS0RjmVSdMi9fhE9+0E2XjLr0D0SQTcxnbps2TCvZE21ZDllU3AALUkJ YI2DujkpvQYWmDanHCMvMhbhGiFX9RWkb0qgAOPoxf1xwQmukjLac3HkkZEanyuI hGjh9Vb7iyQDc3dRzUql5qwUR6HsMgl+EBzYlOugnmDgF7R/RumAltirllk4k9up 3FKIhg+3qc2DDfO/6vedyVhl0MLUma0guFrs3mdAq3GIgOokfu9HFU+C70kktIhF 02WFGX1PokszsWR+RJefogXkJ30yMFIh47kQ1eENe4DbMPSmoIkYNNvtTCEm5F8= =lRQN -----END PGP SIGNATURE----- From jakob at kirei.se Tue Nov 8 12:54:48 2011 From: jakob at kirei.se (Jakob Schlyter) Date: Tue, 8 Nov 2011 13:54:48 +0100 Subject: [Opendnssec-develop] OpenDNSSEC 1.4 and the auditor In-Reply-To: <4EB92349.1040400@nlnetlabs.nl> References: <4EB92349.1040400@nlnetlabs.nl> Message-ID: <4EDB309E-4E72-43F8-B0DE-921FB436E44E@kirei.se> On 8 nov 2011, at 13:40, Matthijs Mekking wrote: > My first suggestion was an optional element in conf.xml > > /path_to_auditor/binary -z %zone ... > > which will be called by the signer instead of the current auditor. We'll > have to make sure there are substitutes possible for zone name, config > file, working directory, unsigned file, signed file. This will differ > for DNS Adapters (compared to File Adapters). Perhaps an Auditor API is > needed? I think the above would be enough. If that command exists and returns non-zero, reject the zone. > By the way, 1.3 still has the auditor enabled by default. I don't have a problem with that, we can remove it 1.4 anyway. jakob -- Jakob Schlyter Kirei AB - http://www.kirei.se/ From rickard at opendnssec.org Tue Nov 8 12:55:25 2011 From: rickard at opendnssec.org (Rickard Bellgrim) Date: Tue, 8 Nov 2011 13:55:25 +0100 Subject: [Opendnssec-develop] RE: Documentation In-Reply-To: References: Message-ID: > fyi - ?I have pushed the 'revamped' docs out to the main site: > > https://wiki.opendnssec.org/display/DOCS The documentation looks great! // Rickard From jakob at kirei.se Tue Nov 8 12:56:14 2011 From: jakob at kirei.se (Jakob Schlyter) Date: Tue, 8 Nov 2011 13:56:14 +0100 Subject: [Opendnssec-develop] RE: Documentation In-Reply-To: References: Message-ID: On 8 nov 2011, at 13:55, Rickard Bellgrim wrote: >> fyi - I have pushed the 'revamped' docs out to the main site: >> >> https://wiki.opendnssec.org/display/DOCS > > The documentation looks great! Dito - toppenbra! jakob From nick.vandenheuvel at sidn.nl Tue Nov 8 13:00:51 2011 From: nick.vandenheuvel at sidn.nl (Nick van den Heuvel) Date: Tue, 8 Nov 2011 13:00:51 +0000 Subject: [Opendnssec-develop] RE: Documentation In-Reply-To: References: Message-ID: <8379DE00FDBE1B4F95522D088EC260DD145E29@kambx2.SIDN.local> If I did not mention this earlier...indeed! good work! -----Original Message----- From: opendnssec-develop-bounces at lists.opendnssec.org [mailto:opendnssec-develop-bounces at lists.opendnssec.org] On Behalf Of Jakob Schlyter Sent: dinsdag 8 november 2011 13:56 To: Rickard Bellgrim Cc: opendnssec-develop at lists.opendnssec.org Subject: Re: [Opendnssec-develop] RE: Documentation On 8 nov 2011, at 13:55, Rickard Bellgrim wrote: >> fyi - I have pushed the 'revamped' docs out to the main site: >> >> https://wiki.opendnssec.org/display/DOCS > > The documentation looks great! Dito - toppenbra! jakob _______________________________________________ Opendnssec-develop mailing list Opendnssec-develop at lists.opendnssec.org https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop From sara at sinodun.com Tue Nov 8 15:12:01 2011 From: sara at sinodun.com (Sara Dickinson) Date: Tue, 8 Nov 2011 15:12:01 +0000 Subject: [Opendnssec-develop] RE: Documentation In-Reply-To: <8379DE00FDBE1B4F95522D088EC260DD145E29@kambx2.SIDN.local> References: <8379DE00FDBE1B4F95522D088EC260DD145E29@kambx2.SIDN.local> Message-ID: Thanks guys - glad you like it. : D Sara. On 8 Nov 2011, at 13:00, Nick van den Heuvel wrote: > If I did not mention this earlier...indeed! good work! > > -----Original Message----- > From: opendnssec-develop-bounces at lists.opendnssec.org [mailto:opendnssec-develop-bounces at lists.opendnssec.org] On Behalf Of Jakob Schlyter > Sent: dinsdag 8 november 2011 13:56 > To: Rickard Bellgrim > Cc: opendnssec-develop at lists.opendnssec.org > Subject: Re: [Opendnssec-develop] RE: Documentation > > On 8 nov 2011, at 13:55, Rickard Bellgrim wrote: > >>> fyi - I have pushed the 'revamped' docs out to the main site: >>> >>> https://wiki.opendnssec.org/display/DOCS >> >> The documentation looks great! > > Dito - toppenbra! > > jakob > > _______________________________________________ > Opendnssec-develop mailing list > Opendnssec-develop at lists.opendnssec.org > https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop > _______________________________________________ > Opendnssec-develop mailing list > Opendnssec-develop at lists.opendnssec.org > https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop From Roland.vanRijswijk at surfnet.nl Tue Nov 8 19:11:08 2011 From: Roland.vanRijswijk at surfnet.nl (Roland van Rijswijk) Date: Tue, 8 Nov 2011 20:11:08 +0100 Subject: [Opendnssec-develop] RE: Documentation In-Reply-To: References: Message-ID: <8C7EF04B-1EE4-4E5B-B531-10F0F124E644@surfnet.nl> On 8 nov 2011, at 13:55, Rickard Bellgrim wrote: >> fyi - I have pushed the 'revamped' docs out to the main site: >> >> https://wiki.opendnssec.org/display/DOCS > > The documentation looks great! Agreed! Looks very professional and well structured! Cheers, Roland -- Roland M. van Rijswijk -- SURFnet Middleware Services -- t: +31-30-2305388 -- e: roland.vanrijswijk at surfnet.nl From rickard at opendnssec.org Wed Nov 9 16:01:35 2011 From: rickard at opendnssec.org (Rickard Bellgrim) Date: Wed, 9 Nov 2011 17:01:35 +0100 Subject: [Opendnssec-develop] RE: Documentation In-Reply-To: References: Message-ID: > fyi - ?I have pushed the 'revamped' docs out to the main site: > > https://wiki.opendnssec.org/display/DOCS And the SoftHSM pages has now also been migrated: https://wiki.opendnssec.org/display/SoftHSM From jerry at opendnssec.org Mon Nov 14 13:46:12 2011 From: jerry at opendnssec.org (Jerry =?ISO-8859-1?B?THVuZHN0cvZt?=) Date: Mon, 14 Nov 2011 14:46:12 +0100 Subject: [Opendnssec-develop] Memory Usage in OpenDNSSEC signer 1.3.2 and ldns 1.6.10 Message-ID: Hi, I have finished my report on the memory usage, you can read it at: https://wiki.opendnssec.org/display/~jerry/Memory+Usage+in+OpenDNSSEC+signer +1.3.2+and+ldns+1.6.10 And find the code at: http://svn.opendnssec.org/home/jerry/memory-usage/ /Jerry -------------- next part -------------- An HTML attachment was scrubbed... URL: From miek at miek.nl Mon Nov 14 14:13:49 2011 From: miek at miek.nl (Miek Gieben) Date: Mon, 14 Nov 2011 15:13:49 +0100 Subject: [Opendnssec-develop] Re: Memory Usage in OpenDNSSEC signer 1.3.2 and ldns 1.6.10 In-Reply-To: References: Message-ID: <20111114141349.GC22674@miek.nl> [ Quoting at 14:46 on Nov 14 in "Memory Usage in Open..." ] > Hi, > > I have finished my report on the memory usage, you can read it at: > https://wiki.opendnssec.org/display/~jerry/ > Memory+Usage+in+OpenDNSSEC+signer+1.3.2+and+ldns+1.6.10 > > And find the code at: > http://svn.opendnssec.org/home/jerry/memory-usage/ > > /Jerry A very interesting read! Thanks for looking in to this. So basically with a few "simple" fixes you cut memory by 25%. That is a nice result. From the top of my head, the simple tests I did with BIND resulted in another 25% drop of the memory used, so we are half way there :-) As you say, checking the temporary allocations in ldns seems to be a worth while endevour, and I'm willing to help (if needed). About the rdf structure in ldns. Yes, I see that from a memory allocation they suck, but at the time they made ldns tick. I.e. when we introduced the rdf type in ldns all the RR types became very easy to implement. Having said that, I think a higher memory usage compared to BIND is justified, as ldns is a generic (extensible) dns library. Are there any "next steps" planned? grtz, -- Miek -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: Digital signature URL: From matthijs at NLnetLabs.nl Tue Nov 15 09:07:39 2011 From: matthijs at NLnetLabs.nl (Matthijs Mekking) Date: Tue, 15 Nov 2011 10:07:39 +0100 Subject: [Opendnssec-develop] Re: Memory Usage in OpenDNSSEC signer 1.3.2 and ldns 1.6.10 In-Reply-To: <20111114141349.GC22674@miek.nl> References: <20111114141349.GC22674@miek.nl> Message-ID: <4EC22BDB.2070901@nlnetlabs.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, Now that it becomes clear to us that the memory usage in OpenDNSSEC is a real issue (unlike the reports I heard in the summer), we will reserve resources to tackle this: * I have notified Willem, the ldns maintainer, to look into the ldns memory issues. * I will implement a region allocator like unbound/nsd to reduce the number of mallocs/frees. * I will use a different structure than ldns_rdf** to store the rdata within OpenDNSSEC. Best regards, Matthijs On 11/14/2011 03:13 PM, Miek Gieben wrote: > [ Quoting at 14:46 on Nov 14 in "Memory Usage in Open..." ] >> Hi, >> >> I have finished my report on the memory usage, you can read it at: >> https://wiki.opendnssec.org/display/~jerry/ >> Memory+Usage+in+OpenDNSSEC+signer+1.3.2+and+ldns+1.6.10 >> >> And find the code at: >> http://svn.opendnssec.org/home/jerry/memory-usage/ >> >> /Jerry > > A very interesting read! Thanks for looking in to this. > > So basically with a few "simple" fixes you cut memory by 25%. That is a nice > result. From the top of my head, the simple tests I did with BIND resulted > in another 25% drop of the memory used, so we are half way there :-) > > As you say, checking the temporary allocations in ldns seems to be a worth > while endevour, and I'm willing to help (if needed). > > About the rdf structure in ldns. Yes, I see that from a memory allocation they > suck, but at the time they made ldns tick. I.e. when we introduced the rdf > type in ldns all the RR types became very easy to implement. > > Having said that, I think a higher memory usage compared to BIND is justified, > as ldns is a generic (extensible) dns library. > > Are there any "next steps" planned? > > grtz, > > > > > _______________________________________________ > Opendnssec-develop mailing list > Opendnssec-develop at lists.opendnssec.org > https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJOwivbAAoJEA8yVCPsQCW5cAsH/3qUUmIawqUQI8KNwJMl+kzR HSOzkFSfioXB7ujj0EvhfhDY3DW9kW3JahA0m0hWNdkCT/uBnckW3wQvoGcKsQKt dGQyerU8gQqhapfK2mAqdxzHgsrLayzKcnJa4X9XiKDKcnFUZ896Ur9UXT8N224c P7jCyVZtKiD87enr+uOMB251kOLdLLan0TbqLgaQVoe75XlyUDu2Cp2xvswqNymm RAWFKeW03zBWwuSQZPDLrRwXXhWcHrui7UL5VcM1LN3H9iFWDWfHQlgAA3ujXZ4Z ARoiF7HcItX7WKOOpbr11zP4rHV3xQ7J4FI4VIYF26EWfdIlrbSBIuAIdS1p2Mg= =I4kE -----END PGP SIGNATURE----- From jerry at opendnssec.org Wed Nov 16 08:23:08 2011 From: jerry at opendnssec.org (=?ISO-8859-1?Q?Jerry_Lundstr=F6m?=) Date: Wed, 16 Nov 2011 09:23:08 +0100 Subject: [Opendnssec-develop] Re: Memory Usage in OpenDNSSEC signer 1.3.2 and ldns 1.6.10 In-Reply-To: <20111114141349.GC22674@miek.nl> References: <20111114141349.GC22674@miek.nl> Message-ID: On Mon, Nov 14, 2011 at 3:13 PM, Miek Gieben wrote: > > Are there any "next steps" planned? My next steps are to finalize some of the code and send it upstream, I found a few things in ldns but I have to verify it with the latest source. I would also like to test a slab-like allocator for data like strings and look at the possibility to create macros for storing sizeof(data) <= sizeof(void*) inside the pointer itself without any runtime impact. /Jerry From jerry at opendnssec.org Wed Nov 16 11:44:31 2011 From: jerry at opendnssec.org (=?ISO-8859-1?Q?Jerry_Lundstr=F6m?=) Date: Wed, 16 Nov 2011 12:44:31 +0100 Subject: [Opendnssec-develop] Support Process Message-ID: Hi, I've have made an attempt at a support process and would like some feedback: https://wiki.opendnssec.org/display/OpenDNSSEC/Support+Process There are two things that came up as i wrote it: 1. How long should we wait on the user when requesting more information before closing the issue? 2. How long should we wait on the user to accept the solution before closing the issue? I feel that maybe a week should be good on each case since they can also reopen the issue later, what do you think? /Jerry From matthijs at NLnetLabs.nl Wed Nov 16 11:46:39 2011 From: matthijs at NLnetLabs.nl (Matthijs Mekking) Date: Wed, 16 Nov 2011 12:46:39 +0100 Subject: [Opendnssec-develop] Support Process In-Reply-To: References: Message-ID: <4EC3A29F.3040003@nlnetlabs.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 11/16/2011 12:44 PM, Jerry Lundstr?m wrote: > Hi, > > I've have made an attempt at a support process and would like some feedback: > https://wiki.opendnssec.org/display/OpenDNSSEC/Support+Process > > There are two things that came up as i wrote it: > 1. How long should we wait on the user when requesting more > information before closing the issue? > 2. How long should we wait on the user to accept the solution before > closing the issue? > > I feel that maybe a week should be good on each case since they can > also reopen the issue later, what do you think? I have no strong feelings about this, a week sounds good to me. Best regards, Matthijs > > /Jerry > _______________________________________________ > Opendnssec-develop mailing list > Opendnssec-develop at lists.opendnssec.org > https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJOw6KfAAoJEA8yVCPsQCW5Qi0H/Rhx7HOi0nQS487KHRJSLrhm LIDwzb6OlOP6GywtjJVs/VgJeSDmFuzTQv7qRY+PBWQcshLgDTjteZL1Yjg6qUz2 Wv2TlXneB0na0uVAZg7Pc8S3nhQcfl6ibnfFs2ThycIDYOgBQMtJoI0Aa/87VCLv mqmb42yShsiNxk0tJa7/xEXXkn32ZSQeJe+eJnrJjigJaH6kEqFhIIXiypnzZCIs eH4u0vZKjTyEPKqjfBMeDygI6RUJTo5yAIief614a4hUjJLZwto6IloL2kqG8vIp FhDB7BJI3IuzTvndGxZWWLCYNn2D1W0tjpYOkVwh+6hnqrOTLpOQHMeCFWG1kCc= =GY7Y -----END PGP SIGNATURE----- From rickard at opendnssec.org Wed Nov 16 12:56:06 2011 From: rickard at opendnssec.org (Rickard Bellgrim) Date: Wed, 16 Nov 2011 13:56:06 +0100 Subject: [Opendnssec-develop] Support Process In-Reply-To: <4EC3A29F.3040003@nlnetlabs.nl> References: <4EC3A29F.3040003@nlnetlabs.nl> Message-ID: >> I feel that maybe a week should be good on each case since they can >> also reopen the issue later, what do you think? > > I have no strong feelings about this, a week sounds good to me. It works for me. One week sounds short, but as you say, they can reopen the issue. // Rickard From jerry at opendnssec.org Wed Nov 16 12:58:26 2011 From: jerry at opendnssec.org (=?ISO-8859-1?Q?Jerry_Lundstr=F6m?=) Date: Wed, 16 Nov 2011 13:58:26 +0100 Subject: [Opendnssec-develop] Support Process In-Reply-To: References: <4EC3A29F.3040003@nlnetlabs.nl> Message-ID: You are all welcome to comment the process itself also :) /Jerry From rickard at opendnssec.org Wed Nov 16 13:09:19 2011 From: rickard at opendnssec.org (Rickard Bellgrim) Date: Wed, 16 Nov 2011 14:09:19 +0100 Subject: [Opendnssec-develop] The meeting in Stockholm Message-ID: Hi Everyone Thank you for the last meeting in Stockholm. We have many interesting topics which resulted in a number of action points. They have all now been entered in the issue tracker. Here is a summery on the decisions which were made: * Everything we do should go through the issue tracker. * We will deprecate the Auditor if there are no objections from the users. * All of the important subversion commits we do, should have the corresponding issue key in the comments. * We are going to improve the various project process. One of the important topics is to improve the handling of the requirements. // Rickard From jerry at opendnssec.org Thu Nov 17 09:16:43 2011 From: jerry at opendnssec.org (Jerry =?ISO-8859-1?B?THVuZHN0cvZt?=) Date: Thu, 17 Nov 2011 10:16:43 +0100 Subject: [Opendnssec-develop] Release OpenDNSSEC 1.3.3 In-Reply-To: Message-ID: We now only have 2 issues left, one (OPENDNSSEC-124) which we could skip till next: Supress output of ods-ksmutil update dnsruby version for 1.3 branch Status on OPENDNSSEC-112? /Jerry From sion at nominet.org.uk Thu Nov 17 09:37:47 2011 From: sion at nominet.org.uk (=?ISO-8859-1?Q?Si=F4n_Lloyd?=) Date: Thu, 17 Nov 2011 09:37:47 +0000 Subject: [Opendnssec-develop] Release OpenDNSSEC 1.3.3 In-Reply-To: References: Message-ID: <4EC4D5EB.3030908@nominet.org.uk> On 17/11/11 09:16, Jerry Lundstr?m wrote: > We now only have 2 issues left, one (OPENDNSSEC-124) which we could skip > till next: > > Supress output of ods-ksmutil > > I'm not convinced that this is an issue. I will fix it for v1.4 if people really want it, but for 1.3 I'd say that between Rickard and Sebastian this has been answered. Sion From AlexD at nominet.org.uk Thu Nov 17 09:56:49 2011 From: AlexD at nominet.org.uk (Alex Dalitz) Date: Thu, 17 Nov 2011 09:56:49 +0000 Subject: [Opendnssec-develop] Release OpenDNSSEC 1.3.3 In-Reply-To: References: Message-ID: <8DE26736-94DE-4E24-87EB-DDD825AEDAF4@nominet.org.uk> > update dnsruby version for 1.3 branch > > > Status on OPENDNSSEC-112? Dnsruby trunk contains the fixes required for OpenDNSSEC. I'm still waiting for a number of users to get back to me on this potential dnsruby release, for other projects. However, in the absence of a timely response from them, I'm happy to make a release of dnsruby when required by OpenDNSSEC. I can always make another release when required by the other projects. Would you like me to do this today? Alex. From jerry at opendnssec.org Thu Nov 17 10:01:39 2011 From: jerry at opendnssec.org (Jerry =?ISO-8859-1?B?THVuZHN0cvZt?=) Date: Thu, 17 Nov 2011 11:01:39 +0100 Subject: [Opendnssec-develop] Release OpenDNSSEC 1.3.3 In-Reply-To: <8DE26736-94DE-4E24-87EB-DDD825AEDAF4@nominet.org.uk> Message-ID: On 2011-11-17 10.56, Alex Dalitz wrote: >Would you like me to do this today? That would be nice since it means we can release 1.3.3 later today also hopefully. /Jerry From jerry at opendnssec.org Thu Nov 17 10:06:57 2011 From: jerry at opendnssec.org (Jerry =?ISO-8859-1?B?THVuZHN0cvZt?=) Date: Thu, 17 Nov 2011 11:06:57 +0100 Subject: [Opendnssec-develop] Wiki page update Message-ID: Hi, We talked about the process for updating wiki pages at the developer meet but what did we agree on? Are we still using the hidden page thingy? If so, how can you verify that the page you want to edit does not have an hidden page already? /Jerry -------------- next part -------------- An HTML attachment was scrubbed... URL: From jakob at kirei.se Thu Nov 17 10:11:17 2011 From: jakob at kirei.se (Jakob Schlyter) Date: Thu, 17 Nov 2011 11:11:17 +0100 Subject: [Opendnssec-develop] Wiki page update In-Reply-To: References: Message-ID: <05D6D681-A245-4A58-AA89-2F58FF1ED1A4@kirei.se> On 17 nov 2011, at 11:06, Jerry Lundstr?m wrote: > We talked about the process for updating wiki pages at the developer meet but what did we agree on? > > Are we still using the hidden page thingy? I believe we decided to use the methology as for the source, i.e. a trunk and branches. No hidden pages. jakob From sara at sinodun.com Thu Nov 17 10:22:38 2011 From: sara at sinodun.com (Sara (Sinodun)) Date: Thu, 17 Nov 2011 10:22:38 +0000 Subject: [Opendnssec-develop] Wiki page update In-Reply-To: <05D6D681-A245-4A58-AA89-2F58FF1ED1A4@kirei.se> References: <05D6D681-A245-4A58-AA89-2F58FF1ED1A4@kirei.se> Message-ID: On 17 Nov 2011, at 10:11, Jakob Schlyter wrote: > On 17 nov 2011, at 11:06, Jerry Lundstr?m wrote: > >> We talked about the process for updating wiki pages at the developer meet but what did we agree on? >> >> Are we still using the hidden page thingy? > > I believe we decided to use the methology as for the source, i.e. a trunk and branches. No hidden pages. > > jakob > That was my understanding too. I will create the 'trunk' of docs later today and send out a link. Sara. From roland.vanrijswijk at surfnet.nl Thu Nov 17 10:32:40 2011 From: roland.vanrijswijk at surfnet.nl (Roland van Rijswijk) Date: Thu, 17 Nov 2011 11:32:40 +0100 Subject: [Opendnssec-develop] Enforcer NG telecon today at 14:00h CET (with reschedule request!) Message-ID: Hi guys, We have an Enforcer NG telecon scheduled for today at 14:00h CET; I have a scheduling conflict and if possible would like to reschedule to 13:30h if possible, can you let me know if that's OK? Conference details are - as usual: Dial-in to +31-30-2040323 Conference PIN: 030003 Suggested agenda: - OAB decision about Enforcer NG & ODNS 2.0 - Feedback & state of alpha - Roadmap towards beta - Testing - AOB Cheers, Roland -- Roland M. van Rijswijk -- SURFnet Middleware Services -- t: +31-30-2305388 -- e: roland.vanrijswijk at surfnet.nl From matthijs at NLnetLabs.nl Thu Nov 17 10:35:59 2011 From: matthijs at NLnetLabs.nl (Matthijs Mekking) Date: Thu, 17 Nov 2011 11:35:59 +0100 Subject: [Opendnssec-develop] Enforcer NG telecon today at 14:00h CET (with reschedule request!) In-Reply-To: References: Message-ID: <4EC4E38F.5050806@nlnetlabs.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Yuri is taking days off, so I assume he won't be dialing in. I will, 13:30 is fine. Best regards, Matthijs On 11/17/2011 11:32 AM, Roland van Rijswijk wrote: > Hi guys, > > We have an Enforcer NG telecon scheduled for today at 14:00h CET; I have a scheduling conflict and if possible would like to reschedule to 13:30h if possible, can you let me know if that's OK? > > Conference details are - as usual: > > Dial-in to +31-30-2040323 > > Conference PIN: 030003 > > Suggested agenda: > > - OAB decision about Enforcer NG & ODNS 2.0 > - Feedback & state of alpha > - Roadmap towards beta > - Testing > - AOB > > Cheers, > > Roland > > -- Roland M. van Rijswijk > -- SURFnet Middleware Services > -- t: +31-30-2305388 > -- e: roland.vanrijswijk at surfnet.nl > > _______________________________________________ > Opendnssec-develop mailing list > Opendnssec-develop at lists.opendnssec.org > https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJOxOOOAAoJEA8yVCPsQCW5g5wIAI8WWn0VVnonjszgzdKdfkgO eXZbIbT6E6Kuc0PCVNhlo3HMLxELtahTWyDSsoYpmnzYRzi7U2VsaJKH3scPFtvu OukrBzZKouZsfstVTZXCf9KQE0Zv55pw2Lh/G3wFCvy9cz0+KGulIL5jFskGXUxE zH0zi6yANYyjOEt/U+kVsoe3hm5r0PQn/pScJnv9+WLn450dDO7bfkfEGbufnjF+ /x7Zwk54rZ/C9rs5FtrE2+oVu8ghAAhuZEHi0NRhkCV1C7RMt9eAS8rtrSB3b7uR THkIYyBWVnxzkWuI3Dhx/R5vDf6V7BKPl8g8GGOFbG52jCbTqLIeXBIJIeTt25Q= =oJ0/ -----END PGP SIGNATURE----- From roland.vanrijswijk at surfnet.nl Thu Nov 17 10:37:23 2011 From: roland.vanrijswijk at surfnet.nl (Roland van Rijswijk) Date: Thu, 17 Nov 2011 11:37:23 +0100 Subject: [Opendnssec-develop] Enforcer NG telecon today at 14:00h CET (with reschedule request!) In-Reply-To: <4EC4E38F.5050806@nlnetlabs.nl> References: <4EC4E38F.5050806@nlnetlabs.nl> Message-ID: <806B9D2D-0C12-4D2E-9143-15DE0E67CF20@surfnet.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Matthijs, Will you be able to discuss his work (at a high level)? If not, perhaps we should consider rescheduling to a date when Yuri is available as I think hearing about his work is crucial for knowing where we're at ;-) Cheers, Roland On 17 nov 2011, at 11:35, Matthijs Mekking wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Yuri is taking days off, so I assume he won't be dialing in. > I will, 13:30 is fine. > > Best regards, > Matthijs > > On 11/17/2011 11:32 AM, Roland van Rijswijk wrote: >> Hi guys, >> >> We have an Enforcer NG telecon scheduled for today at 14:00h CET; I have a scheduling conflict and if possible would like to reschedule to 13:30h if possible, can you let me know if that's OK? >> >> Conference details are - as usual: >> >> Dial-in to +31-30-2040323 >> >> Conference PIN: 030003 >> >> Suggested agenda: >> >> - OAB decision about Enforcer NG & ODNS 2.0 >> - Feedback & state of alpha >> - Roadmap towards beta >> - Testing >> - AOB >> >> Cheers, >> >> Roland >> >> -- Roland M. van Rijswijk >> -- SURFnet Middleware Services >> -- t: +31-30-2305388 >> -- e: roland.vanrijswijk at surfnet.nl >> >> _______________________________________________ >> Opendnssec-develop mailing list >> Opendnssec-develop at lists.opendnssec.org >> https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop >> > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.11 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iQEcBAEBAgAGBQJOxOOOAAoJEA8yVCPsQCW5g5wIAI8WWn0VVnonjszgzdKdfkgO > eXZbIbT6E6Kuc0PCVNhlo3HMLxELtahTWyDSsoYpmnzYRzi7U2VsaJKH3scPFtvu > OukrBzZKouZsfstVTZXCf9KQE0Zv55pw2Lh/G3wFCvy9cz0+KGulIL5jFskGXUxE > zH0zi6yANYyjOEt/U+kVsoe3hm5r0PQn/pScJnv9+WLn450dDO7bfkfEGbufnjF+ > /x7Zwk54rZ/C9rs5FtrE2+oVu8ghAAhuZEHi0NRhkCV1C7RMt9eAS8rtrSB3b7uR > THkIYyBWVnxzkWuI3Dhx/R5vDf6V7BKPl8g8GGOFbG52jCbTqLIeXBIJIeTt25Q= > =oJ0/ > -----END PGP SIGNATURE----- - -- Roland M. van Rijswijk - -- SURFnet Middleware Services - -- t: +31-30-2305388 - -- e: roland.vanrijswijk at surfnet.nl -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.14 (Darwin) iQEcBAEBAgAGBQJOxOPmAAoJELddXisbx14rWG0H/R50TIK6L6wZ5o1QPbqvq2q/ Vum2AgpsKEpPYmq/pp3a7CJCbJjo/gQyx0eKvWcRkPu+eTu2iEBoq2tpVorwebzX JIzz03zBl0QqYUkYoqwTAZwCL2Pjpfd/IfrnZEhTkvsJ0tLjQ0TmUQfArO7+Tiip vRDI18uyv/Dh1fHKo0SnGS5ay5XV+0kY/XdDYD4h6BCXAFlW1ZUkRneTCR7jD6br URTlcC2+ojYNqBMCIZiknY82K70+hN4kv+dnGCOWuyewqIiM+nn5U4WLDsnoPE2X AaiCZwvIaO8x7EbLBfNQehqrQXaVk5sHP68oFuNUllrCb98aNmKE733Z2fk+BBw= =kWZ0 -----END PGP SIGNATURE----- From matthijs at NLnetLabs.nl Thu Nov 17 10:43:16 2011 From: matthijs at NLnetLabs.nl (Matthijs Mekking) Date: Thu, 17 Nov 2011 11:43:16 +0100 Subject: [Opendnssec-develop] Enforcer NG telecon today at 14:00h CET (with reschedule request!) In-Reply-To: <806B9D2D-0C12-4D2E-9143-15DE0E67CF20@surfnet.nl> References: <4EC4E38F.5050806@nlnetlabs.nl> <806B9D2D-0C12-4D2E-9143-15DE0E67CF20@surfnet.nl> Message-ID: <4EC4E544.5000003@nlnetlabs.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Not at a high level, If you want to reschedule, Yuri will be back 28 Nov. Best regards, Matthijs On 11/17/2011 11:37 AM, Roland van Rijswijk wrote: > Hi Matthijs, > > Will you be able to discuss his work (at a high level)? If not, perhaps we should consider rescheduling to a date when Yuri is available as I think hearing about his work is crucial for knowing where we're at ;-) > > Cheers, > > Roland > > On 17 nov 2011, at 11:35, Matthijs Mekking wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 > >> Yuri is taking days off, so I assume he won't be dialing in. >> I will, 13:30 is fine. > >> Best regards, >> Matthijs > >> On 11/17/2011 11:32 AM, Roland van Rijswijk wrote: >>> Hi guys, >>> >>> We have an Enforcer NG telecon scheduled for today at 14:00h CET; I have a scheduling conflict and if possible would like to reschedule to 13:30h if possible, can you let me know if that's OK? >>> >>> Conference details are - as usual: >>> >>> Dial-in to +31-30-2040323 >>> >>> Conference PIN: 030003 >>> >>> Suggested agenda: >>> >>> - OAB decision about Enforcer NG & ODNS 2.0 >>> - Feedback & state of alpha >>> - Roadmap towards beta >>> - Testing >>> - AOB >>> >>> Cheers, >>> >>> Roland >>> >>> -- Roland M. van Rijswijk >>> -- SURFnet Middleware Services >>> -- t: +31-30-2305388 >>> -- e: roland.vanrijswijk at surfnet.nl >>> >>> _______________________________________________ >>> Opendnssec-develop mailing list >>> Opendnssec-develop at lists.opendnssec.org >>> https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop >>> > >> _______________________________________________ Opendnssec-develop mailing list Opendnssec-develop at lists.opendnssec.org https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJOxOVEAAoJEA8yVCPsQCW5gvcIAJhRY/QYycTorAwMXN4uUxvx X1Qtc+Jkka5/D8HZmUY6jOyM9MomoOpPeNNucMwQQfWP9lPSPxDKG6Tdiq4bAsUB 5E2NfK9Qd+W26+4azsINnYOFP2VeZEYRKDqX/ZKDhqEEtsoapWQiyO5jNkA7y5k8 Cze9T7xsLOwFqXGE8/prLbcnncnhmzMdIp4Ss+2D/yYfq3ofOQWxU+g/YIE+hoJd aM5L41RVFqFC/xQvlICzrummO9EQLaBFO/72aMHNEmPp7bo98wJphu11BYBojZa+ kIQ5j442V+QT9XlHItnwG/Km5u/5HE3BeJRZnl6YS/ScTXQg2qnU6VAMUjvv6rc= =8NkD -----END PGP SIGNATURE----- From roland.vanrijswijk at surfnet.nl Thu Nov 17 10:45:46 2011 From: roland.vanrijswijk at surfnet.nl (Roland van Rijswijk) Date: Thu, 17 Nov 2011 11:45:46 +0100 Subject: [Opendnssec-develop] Enforcer NG telecon today at 14:00h CET (with reschedule request!) In-Reply-To: <4EC4E544.5000003@nlnetlabs.nl> References: <4EC4E38F.5050806@nlnetlabs.nl> <806B9D2D-0C12-4D2E-9143-15DE0E67CF20@surfnet.nl> <4EC4E544.5000003@nlnetlabs.nl> Message-ID: <70BC1135-727F-42BB-9AA4-D50D2B3368CA@surfnet.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Guys, Given that Yuri is unavailable, can we perhaps reschedule for December 1st at 14:00h CET? Cheers, Roland On 17 nov 2011, at 11:43, Matthijs Mekking wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Not at a high level, If you want to reschedule, Yuri will be back 28 Nov. > > Best regards, > Matthijs > > On 11/17/2011 11:37 AM, Roland van Rijswijk wrote: >> Hi Matthijs, >> >> Will you be able to discuss his work (at a high level)? If not, perhaps we should consider rescheduling to a date when Yuri is available as I think hearing about his work is crucial for knowing where we're at ;-) >> >> Cheers, >> >> Roland >> >> On 17 nov 2011, at 11:35, Matthijs Mekking wrote: >> >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >> >>> Yuri is taking days off, so I assume he won't be dialing in. >>> I will, 13:30 is fine. >> >>> Best regards, >>> Matthijs >> >>> On 11/17/2011 11:32 AM, Roland van Rijswijk wrote: >>>> Hi guys, >>>> >>>> We have an Enforcer NG telecon scheduled for today at 14:00h CET; I have a scheduling conflict and if possible would like to reschedule to 13:30h if possible, can you let me know if that's OK? >>>> >>>> Conference details are - as usual: >>>> >>>> Dial-in to +31-30-2040323 >>>> >>>> Conference PIN: 030003 >>>> >>>> Suggested agenda: >>>> >>>> - OAB decision about Enforcer NG & ODNS 2.0 >>>> - Feedback & state of alpha >>>> - Roadmap towards beta >>>> - Testing >>>> - AOB >>>> >>>> Cheers, >>>> >>>> Roland >>>> >>>> -- Roland M. van Rijswijk >>>> -- SURFnet Middleware Services >>>> -- t: +31-30-2305388 >>>> -- e: roland.vanrijswijk at surfnet.nl >>>> >>>> _______________________________________________ >>>> Opendnssec-develop mailing list >>>> Opendnssec-develop at lists.opendnssec.org >>>> https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop >>>> >> >>> > > _______________________________________________ > Opendnssec-develop mailing list > Opendnssec-develop at lists.opendnssec.org > https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.11 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iQEcBAEBAgAGBQJOxOVEAAoJEA8yVCPsQCW5gvcIAJhRY/QYycTorAwMXN4uUxvx > X1Qtc+Jkka5/D8HZmUY6jOyM9MomoOpPeNNucMwQQfWP9lPSPxDKG6Tdiq4bAsUB > 5E2NfK9Qd+W26+4azsINnYOFP2VeZEYRKDqX/ZKDhqEEtsoapWQiyO5jNkA7y5k8 > Cze9T7xsLOwFqXGE8/prLbcnncnhmzMdIp4Ss+2D/yYfq3ofOQWxU+g/YIE+hoJd > aM5L41RVFqFC/xQvlICzrummO9EQLaBFO/72aMHNEmPp7bo98wJphu11BYBojZa+ > kIQ5j442V+QT9XlHItnwG/Km5u/5HE3BeJRZnl6YS/ScTXQg2qnU6VAMUjvv6rc= > =8NkD > -----END PGP SIGNATURE----- - -- Roland M. van Rijswijk - -- SURFnet Middleware Services - -- t: +31-30-2305388 - -- e: roland.vanrijswijk at surfnet.nl -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.14 (Darwin) iQEcBAEBAgAGBQJOxOXaAAoJELddXisbx14ruIIH/3EXA2inzVQncqGqVEL1VpKK UhSkdPdSoC8ecyPMkYjKV+Wqb/8erwOtwFor2+3oZEWmIX5uylngibIQY/ZhKsTw ly8DSyQXzmgngtEXbhNQ4yWLAj9IW52gsheXI/+ahGqJ+mq9hpiRAET8k+WsUFgf qlOfDP+i1opTXXAn3SNfmix2FmYjvFw4bFKnlMi8t9CcpFEbq74gBQSL/HY9lsY8 Jh8iu+Gh8h0tXgbkGubA1aF8Sob6RyYFqEtO7zBXN0hb0JeTi7oNR2UiIHCGwIJC jao8+vaMEY7J5YF7J3uXDszJp6zdq9k12tc4Z3LDfb88uaR4fAANL53KJQTiZGw= =NOIz -----END PGP SIGNATURE----- From rickard at opendnssec.org Thu Nov 17 10:58:47 2011 From: rickard at opendnssec.org (Rickard Bellgrim) Date: Thu, 17 Nov 2011 11:58:47 +0100 Subject: [Opendnssec-develop] Enforcer NG telecon today at 14:00h CET (with reschedule request!) In-Reply-To: <70BC1135-727F-42BB-9AA4-D50D2B3368CA@surfnet.nl> References: <4EC4E38F.5050806@nlnetlabs.nl> <806B9D2D-0C12-4D2E-9143-15DE0E67CF20@surfnet.nl> <4EC4E544.5000003@nlnetlabs.nl> <70BC1135-727F-42BB-9AA4-D50D2B3368CA@surfnet.nl> Message-ID: > Given that Yuri is unavailable, can we perhaps reschedule for December 1st at 14:00h CET? I cannot attend that date because I have an OpenDNSSEC training course Nov 30-Dec 1. // Rickard From AlexD at nominet.org.uk Thu Nov 17 11:27:10 2011 From: AlexD at nominet.org.uk (Alex Dalitz) Date: Thu, 17 Nov 2011 11:27:10 +0000 Subject: [Opendnssec-develop] Release OpenDNSSEC 1.3.3 In-Reply-To: References: Message-ID: > That would be nice since it means we can release 1.3.3 later today also > hopefully. I have released dnsruby 1.53 and updated the dependencies in the ODS 1.3 branch. Alex. From jerry at opendnssec.org Thu Nov 17 11:56:21 2011 From: jerry at opendnssec.org (Jerry =?ISO-8859-1?B?THVuZHN0cvZt?=) Date: Thu, 17 Nov 2011 12:56:21 +0100 Subject: [Opendnssec-develop] Release OpenDNSSEC 1.3.3 In-Reply-To: Message-ID: We now have 3 resolved issues that needs closing by the reporter before release: Rickard: Fix links for bug reporting and wiki Alex: update dnsruby version for 1.3 branch Jakob: Add support for enforcing policy for a root zone /Jerry From roland.vanrijswijk at surfnet.nl Thu Nov 17 11:58:14 2011 From: roland.vanrijswijk at surfnet.nl (Roland van Rijswijk) Date: Thu, 17 Nov 2011 12:58:14 +0100 Subject: [Opendnssec-develop] Enforcer NG telecon today at 14:00h CET (with reschedule request!) In-Reply-To: References: <4EC4E38F.5050806@nlnetlabs.nl> <806B9D2D-0C12-4D2E-9143-15DE0E67CF20@surfnet.nl> <4EC4E544.5000003@nlnetlabs.nl> <70BC1135-727F-42BB-9AA4-D50D2B3368CA@surfnet.nl> Message-ID: <826655A8-B2A5-46A7-9947-5567C2C981BE@surfnet.nl> On 17 nov 2011, at 11:58, Rickard Bellgrim wrote: >> Given that Yuri is unavailable, can we perhaps reschedule for December 1st at 14:00h CET? > > I cannot attend that date because I have an OpenDNSSEC training course > Nov 30-Dec 1. Nov 29 then? Know what, here's a Doodle :-D http://www.doodle.com/mxtzfevrk4vec79g Cheers, Roland -- Roland M. van Rijswijk -- SURFnet Middleware Services -- t: +31-30-2305388 -- e: roland.vanrijswijk at surfnet.nl From jerry at opendnssec.org Thu Nov 17 14:25:50 2011 From: jerry at opendnssec.org (Jerry =?ISO-8859-1?B?THVuZHN0cvZt?=) Date: Thu, 17 Nov 2011 15:25:50 +0100 Subject: [Opendnssec-develop] JIRA dash boards Message-ID: Hi, I have made a shared dash board that I feel gives me a good overlook on the issues: https://issues.opendnssec.org/secure/Dashboard.jspa?selectPageId=10200 . Left side and information about: - Issues in Support project grouped by issue status - Issues left for the next version of OpenDNSSEC - Issues left for the next version of SoftHSM - Issues assigned to me - Issues reported by me Right side has: - Activity stream with last 20 items in a list view Anyone else made a dash board they might want to share? /Jerry -------------- next part -------------- An HTML attachment was scrubbed... URL: From sion at nominet.org.uk Thu Nov 17 15:22:50 2011 From: sion at nominet.org.uk (=?ISO-8859-1?Q?Si=F4n_Lloyd?=) Date: Thu, 17 Nov 2011 15:22:50 +0000 Subject: [Opendnssec-develop] Support Process In-Reply-To: References: Message-ID: <4EC526CA.1070601@nominet.org.uk> On 16/11/11 11:44, Jerry Lundstr?m wrote: > Hi, > > I've have made an attempt at a support process and would like some feedback: > https://wiki.opendnssec.org/display/OpenDNSSEC/Support+Process > > There are two things that came up as i wrote it: > 1. How long should we wait on the user when requesting more > information before closing the issue? > 2. How long should we wait on the user to accept the solution before > closing the issue? > > I feel that maybe a week should be good on each case since they can > also reopen the issue later, what do you think? > I think that we need to see how that works, it seems like most traffic on an issue occurs in the first few days so one week sounds reasonable to start with. The process seems like a fair place to start, and we can see how it works. The only thing that I would worry about is leaving the feature request support ticket open once it has been added as a development ticket. This might mean these tickets are open for a long time as the feature is in the "future release" bucket. Sion From jerry at opendnssec.org Fri Nov 18 08:57:43 2011 From: jerry at opendnssec.org (Jerry =?ISO-8859-1?B?THVuZHN0cvZt?=) Date: Fri, 18 Nov 2011 09:57:43 +0100 Subject: [Opendnssec-develop] Re: [issues.opendnssec.org] (OPENDNSSEC-123) Write article about the new issue tracker In-Reply-To: <236935408.408.1321543635647.JavaMail.jira@mountaineer.surfnet.nl> Message-ID: Hi all, This problem came up when I was making the "Reporting bugs" page, its a page that should exist in the OpenDNSSEC Documentation space but is not tied to a specific version. It is solvable by creating the page in OpenDNSSEC Development space and using the include macro in the other spaces. Create a page with the same name as the page you want to include and in the page content enter { to bring up the auto completion, select include and then enter the page name of the page you want to include. Hover over the page name to see what space it is in so you select the right now. Maybe I should add a page on how to add pages :) /Jerry On 2011-11-17 16.27, Jakob Schlyter (Commented) (JIRA) wrote: > > [ >https://issues.opendnssec.org/browse/OPENDNSSEC-123?page=com.atlassian.jir >a.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16448#com >ment-16448 ] > >Jakob Schlyter commented on OPENDNSSEC-123: >------------------------------------------- > >Shouldn't this be documented in the development space as this is not tied >to a specific version? if/when we change the process we don't want to >update all previous versions of the docs as well? > >> Write article about the new issue tracker >> ----------------------------------------- >> >> Key: OPENDNSSEC-123 >> URL: https://issues.opendnssec.org/browse/OPENDNSSEC-123 >> Project: OpenDNSSEC >> Issue Type: Story >> Components: Documentation >> Reporter: Jakob Schlyter >> Assignee: Jerry Lundstr?m >> Fix For: Project >> >> > > >-- >This message is automatically generated by JIRA. >If you think it was sent incorrectly, please contact your JIRA >administrators: >https://issues.opendnssec.org/secure/ContactAdministrators!default.jspa >For more information on JIRA, see: http://www.atlassian.com/software/jira > > > From sara at sinodun.com Fri Nov 18 15:40:29 2011 From: sara at sinodun.com (Sara Dickinson) Date: Fri, 18 Nov 2011 15:40:29 +0000 Subject: Fwd: [Opendnssec-develop] Re: [issues.opendnssec.org] (OPENDNSSEC-123) Write article about the new issue tracker References: Message-ID: Hi Jerry, Thanks for pointing out the {include:page_name} trick which is very useful. A minor modification is that there is actually a separate space for documentation pages that are not tied to a particular release: the 'Documentation Reference Material' space. I suggest creating these type of pages there and then including them in the docs. I'm also in the process of updating the wiki pages describing how the documentation and wiki is set up so I'll add a 'Confluence hints and tips' page. Sara. > > On 18 Nov 2011, at 08:57, Jerry Lundstr?m wrote: > >> Hi all, >> >> This problem came up when I was making the "Reporting bugs" page, its a >> page that should exist in the OpenDNSSEC Documentation space but is not >> tied to a specific version. >> >> It is solvable by creating the page in OpenDNSSEC Development space and >> using the include macro in the other spaces. >> >> Create a page with the same name as the page you want to include and in >> the page content enter { to bring up the auto completion, select include >> and then enter the page name of the page you want to include. Hover over >> the page name to see what space it is in so you select the right now. >> >> Maybe I should add a page on how to add pages :) >> >> /Jerry >> >> On 2011-11-17 16.27, Jakob Schlyter (Commented) (JIRA) >> wrote: >> >>> >>> [ >>> https://issues.opendnssec.org/browse/OPENDNSSEC-123?page=com.atlassian.jir >>> a.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16448#com >>> ment-16448 ] >>> >>> Jakob Schlyter commented on OPENDNSSEC-123: >>> ------------------------------------------- >>> >>> Shouldn't this be documented in the development space as this is not tied >>> to a specific version? if/when we change the process we don't want to >>> update all previous versions of the docs as well? >>> >>>> Write article about the new issue tracker >>>> ----------------------------------------- >>>> >>>> Key: OPENDNSSEC-123 >>>> URL: https://issues.opendnssec.org/browse/OPENDNSSEC-123 >>>> Project: OpenDNSSEC >>>> Issue Type: Story >>>> Components: Documentation >>>> Reporter: Jakob Schlyter >>>> Assignee: Jerry Lundstr?m >>>> Fix For: Project >>>> >>>> >>> >>> >>> -- >>> This message is automatically generated by JIRA. >>> If you think it was sent incorrectly, please contact your JIRA >>> administrators: >>> https://issues.opendnssec.org/secure/ContactAdministrators!default.jspa >>> For more information on JIRA, see: http://www.atlassian.com/software/jira >>> >>> >>> >> >> >> _______________________________________________ >> Opendnssec-develop mailing list >> Opendnssec-develop at lists.opendnssec.org >> https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop > From rickard at opendnssec.org Fri Nov 18 16:42:16 2011 From: rickard at opendnssec.org (Rickard Bellgrim) Date: Fri, 18 Nov 2011 17:42:16 +0100 Subject: [Opendnssec-develop] SoftHSM v2 Message-ID: Hi I have now dumped some of my memory of SoftHSM v2 into the issue tracker. There are probably more stuff that I need to think of. But I will fix that next week. // Rickard From jerry at opendnssec.org Mon Nov 21 12:45:33 2011 From: jerry at opendnssec.org (=?ISO-8859-1?Q?Jerry_Lundstr=F6m?=) Date: Mon, 21 Nov 2011 13:45:33 +0100 Subject: [Opendnssec-develop] Support Process In-Reply-To: <9403706.17224.1321543947774.JavaMail.mobile-sync@bfkv26> References: <9403706.17224.1321543947774.JavaMail.mobile-sync@bfkv26> Message-ID: <6750050164785162724@unknownmsgid> On 17 nov 2011, at 16:22, "Si?n Lloyd" wrote: > The process seems like a fair place to start, and we can see how it > works. The only thing that I would worry about is leaving the feature > request support ticket open once it has been added as a development > ticket. This might mean these tickets are open for a long time as the > feature is in the "future release > " bucket. As a start we will only have the default JIRA statuses but we will want to extend them for the support issues to enable "Waiting for ..." statues. The future release stuff is another matter because right now it feels more like "Nice to have... but we will never have time to make it"-issues that could be handled differently and better. /Jerry From sara at sinodun.com Mon Nov 21 13:14:19 2011 From: sara at sinodun.com (Sara Dickinson) Date: Mon, 21 Nov 2011 13:14:19 +0000 Subject: [Opendnssec-develop] RE: Sinodun, docs and testing..... Message-ID: <61D0283A-5376-4E4B-8060-F947D919525C@sinodun.com> Hi all, Since our current contract for OpenDNSSEC work has now ended John and I are heading back to the day jobs for now. Obviously we will still try to contribute in our spare time and keep in touch! I just wanted to summarise where I have got with the documentation: - Documentation for the latest version is at: https://wiki.opendnssec.org/display/DOCS - Development version of the docs (i.e. for 1.4 updates): https://wiki.opendnssec.org/display/DOCSTRUNK - An updated process for publishing documentation and a Hints and Tips page is at: https://wiki.opendnssec.org/display/OpenDNSSEC/Documentation+Management+Process - New landing page for the developer wiki (which also replaces the dashboard as the default page for wiki.opendnssec.org): https://wiki.opendnssec.org/display/OpenDNSSEC - Wordpress site documentation page and various links updated. John will send out a summary of the current status of the jenkins testing work. Hope to be back on board in the future. Sara. -- Sara Dickinson http://sinodun.com Sinodun Internet Technologies Ltd. Stables 4, Suite 11 c/o HR Wallingford, Howbery Park, Wallingford, Oxfordshire, OX10 8BA, U.K. -------------- next part -------------- An HTML attachment was scrubbed... URL: From sion at nominet.org.uk Mon Nov 21 13:55:28 2011 From: sion at nominet.org.uk (=?ISO-8859-1?Q?Si=F4n_Lloyd?=) Date: Mon, 21 Nov 2011 13:55:28 +0000 Subject: [Opendnssec-develop] Issue 113 Message-ID: <4ECA5850.60608@nominet.org.uk> I'm not entirely sure where this issue came from, it turned up while we were discussing the 1.3.3 release... https://issues.opendnssec.org/browse/OPENDNSSEC-113 I've had a few attempts to recreate it, with both the first KSK into the system and subsequent keys. Does anyone have more information on it, or have the contact information for the original reporter? Cheers, Sion From sion at nominet.org.uk Tue Nov 22 14:41:04 2011 From: sion at nominet.org.uk (=?ISO-8859-1?Q?Si=F4n_Lloyd?=) Date: Tue, 22 Nov 2011 14:41:04 +0000 Subject: [Opendnssec-develop] Issue handling question Message-ID: <4ECBB480.5030005@nominet.org.uk> Hi. I have just commited code to address issue OPENDNSSEC-10. https://issues.opendnssec.org/browse/OPENDNSSEC-10 This needs to be done for the enforcerNG also; so I probably shouldn't resolve the issue or it will go away completely... If I remove it from the 1.4.0 release then it will look like it was never done, unless you look at subversion. How would we like to deal with this? Subtasks or cloned issues come to mind, but if we have a preference then I'd like to be consistent with that. Cheers, Sion From jerry at opendnssec.org Tue Nov 22 15:00:50 2011 From: jerry at opendnssec.org (=?ISO-8859-1?Q?Jerry_Lundstr=F6m?=) Date: Tue, 22 Nov 2011 16:00:50 +0100 Subject: [Opendnssec-develop] Issue handling question In-Reply-To: <4ECBB480.5030005@nominet.org.uk> References: <4ECBB480.5030005@nominet.org.uk> Message-ID: <-5310850559115092276@unknownmsgid> Hi, We don't have any real preference, but one thought would be to maybe not have issues with two components because work wont be done in parallel since its only assign to one person at a time. That would have made this issue two issues at start. For this issue I think you should clone or recreate it, link then, set it to the same reporter and see that there is just one component per issue. Then you can close the original to mark your work finished. /Jerry On 22 nov 2011, at 15:41, "Si?n Lloyd" wrote: > Hi. > > I have just commited code to address issue OPENDNSSEC-10. > > https://issues.opendnssec.org/browse/OPENDNSSEC-10 > > This needs to be done for the enforcerNG also; so I probably shouldn't resolve the issue or it will go away completely... If I remove it from the 1.4.0 release then it will look like it was never done, unless you look at subversion. > > How would we like to deal with this? Subtasks or cloned issues come to mind, but if we have a preference then I'd like to be consistent with that. > > Cheers, > > Sion > _______________________________________________ > Opendnssec-develop mailing list > Opendnssec-develop at lists.opendnssec.org > https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop From rickard at opendnssec.org Tue Nov 22 15:22:28 2011 From: rickard at opendnssec.org (Rickard Bellgrim) Date: Tue, 22 Nov 2011 16:22:28 +0100 Subject: [Opendnssec-develop] RE: Sinodun, docs and testing..... In-Reply-To: <61D0283A-5376-4E4B-8060-F947D919525C@sinodun.com> References: <61D0283A-5376-4E4B-8060-F947D919525C@sinodun.com> Message-ID: > John will send out a summary of the current status of the jenkins testing > work. Hope to be back on board in the future. It has been really helpful. Hoping that you get back real soon! // Rickard From roy at nominet.org.uk Tue Nov 22 17:49:28 2011 From: roy at nominet.org.uk (Roy Arends) Date: Tue, 22 Nov 2011 17:49:28 +0000 Subject: [Opendnssec-develop] RE: Sinodun, docs and testing..... In-Reply-To: Message-ID: On 11/22/11 3:22 PM, "Rickard Bellgrim" wrote: >> John will send out a summary of the current status of the jenkins >>testing >> work. Hope to be back on board in the future. > >It has been really helpful. Hoping that you get back real soon! Watch this space :-) Working hard to get Sinodun back in. Roy From roland.vanrijswijk at surfnet.nl Wed Nov 23 09:49:35 2011 From: roland.vanrijswijk at surfnet.nl (Roland van Rijswijk) Date: Wed, 23 Nov 2011 10:49:35 +0100 Subject: [Opendnssec-develop] Enforcer NG telecon on Tue. 29 Nov, 10:00h CET Message-ID: <4338BEFC-9266-4548-B4E5-640D1807BCDE@surfnet.nl> Hi all, The outcome of the Doodle meant I had to choose between not having Rickard or Jakob present; since Rickard is our project manager I chose a date where he was available, apologies Jakob, I will make sure minutes are available right after the meeting. So the new date for the Enforcer NG telecon will be Tuesday November 29th at 10:00h CET. Conference details are - as usual: Dial-in to +31-30-2040323 Conference PIN: 030003 Suggested agenda: - OAB decision about Enforcer NG & ODNS 2.0 - Feedback & state of alpha - Roadmap towards beta - Testing - AOB Cheers, Roland -- Roland M. van Rijswijk -- SURFnet Middleware Services -- t: +31-30-2305388 -- e: roland.vanrijswijk at surfnet.nl From jerry at opendnssec.org Wed Nov 23 14:37:22 2011 From: jerry at opendnssec.org (=?iso-8859-1?Q?Jerry_Lundstr=F6m?=) Date: Wed, 23 Nov 2011 15:37:22 +0100 Subject: [Opendnssec-develop] TRAC imported Message-ID: <287CF108-3BC6-4876-9A56-CBB7BB994CE1@opendnssec.org> Hi, I have imported all TRAC issues and moved the open issues to the Support project. Please take a look at your assigned and/or reported issues in Support and change any value that is wrong (like affected version) or close them if they are done. /Jerry From jerry at opendnssec.org Wed Nov 23 14:39:45 2011 From: jerry at opendnssec.org (=?iso-8859-1?Q?Jerry_Lundstr=F6m?=) Date: Wed, 23 Nov 2011 15:39:45 +0100 Subject: [Opendnssec-develop] Historical projects open for all (Pivotal/TRAC) Message-ID: Hi, I have made the history/import projects for Pivotal and TRAC open for all to view but no one can change or comment on them. If you see any issue that you want to move to the active projects please tell me. https://issues.opendnssec.org/browse/ODSPTHIST https://issues.opendnssec.org/browse/ODSTRACIMPORT /Jerry From jad at sinodun.com Wed Nov 23 15:09:55 2011 From: jad at sinodun.com (John Dickinson) Date: Wed, 23 Nov 2011 15:09:55 +0000 Subject: [Opendnssec-develop] Status of jenkins testing Message-ID: <66D5E36E-78FC-4BFA-9FDA-42135FE3373B@sinodun.com> Hi, I have checked in updated test scripts to svn. These are sufficient to build and run OpenDNSSEC and SoftHSM. There is a wiki page here: https://wiki.opendnssec.org/display/OpenDNSSEC/Continuos+Integration+Testing that describes the setup and has a list of TODOs. Jerry - I have made some changes to the framework that you might want to review. So far there is only one actual test job that runs and it is showing errors (seg faults) on some Solaris builds! If somebody wants to investigate these I will be happy to help. This test signs a large zone and X small zones and just checks that there are sufficient RRs in the zone after signing and that the correct number of keys were generated. It probably needs some work... If I have time I will take a look at these and work on some more tests however it would be useful if people could take a look at how it works now and comment on it. I am slightly concerned by the way that passing parameters from one build to the next restricts the user to running the whole suite of builds and tests every time, however Jerry's framework does mean that this is a relatively small overhead. I have installed the plugins so that jenkins will interact with Crowd, Confluence and Jira but these need configuring. John. --- jad at sinodun.com Sinodun Internet Technologies Ltd. Stables 4, Suite 11, Howbery Park, Wallingford, Oxfordshire, OX10 8BA, U.K. +44 (0)1491 834957 From jerry at opendnssec.org Thu Nov 24 08:54:29 2011 From: jerry at opendnssec.org (=?iso-8859-1?Q?Jerry_Lundstr=F6m?=) Date: Thu, 24 Nov 2011 09:54:29 +0100 Subject: [Opendnssec-develop] Status of jenkins testing In-Reply-To: <66D5E36E-78FC-4BFA-9FDA-42135FE3373B@sinodun.com> References: <66D5E36E-78FC-4BFA-9FDA-42135FE3373B@sinodun.com> Message-ID: <7F92B7B2-967A-4ED6-BF15-E00F3E625F70@opendnssec.org> On 23 nov 2011, at 16.09, John Dickinson wrote: > https://wiki.opendnssec.org/display/OpenDNSSEC/Continuos+Integration+Testing I can't find any documentation how to configure new version or how the version matrix and the parameterized jobs work, can you add that? /Jerry From rickard at opendnssec.org Thu Nov 24 14:43:55 2011 From: rickard at opendnssec.org (Rickard Bellgrim) Date: Thu, 24 Nov 2011 15:43:55 +0100 Subject: [Opendnssec-develop] packaging questions about softhsm In-Reply-To: References: <6F0BC411-BCE8-4FA2-8C86-3BC7D34311F8@iis.se> <5501223D-6A2A-4CAD-8AFA-6C41D3EC96F8@iis.se> <4923C2E4-27BB-423E-A968-308FCCA82E9E@kirei.se> Message-ID: >> For the softhsm package under review for fedora/rhel/centos, I've changed >> the location passed by configure to be /usr/lib{64}/softhsm/ to prevent >> the system from treating it has a shared library. >> >> See: https://bugzilla.redhat.com/show_bug.cgi?id=711895 > > I will create a ticket for this and make sure that it is included in > the next release. This has now been fixed in trunk. https://issues.opendnssec.org/browse/SOFTHSM-2 From jad at sinodun.com Fri Nov 25 13:25:46 2011 From: jad at sinodun.com (John Dickinson) Date: Fri, 25 Nov 2011 13:25:46 +0000 Subject: [Opendnssec-develop] Status of jenkins testing In-Reply-To: <7F92B7B2-967A-4ED6-BF15-E00F3E625F70@opendnssec.org> References: <66D5E36E-78FC-4BFA-9FDA-42135FE3373B@sinodun.com> <7F92B7B2-967A-4ED6-BF15-E00F3E625F70@opendnssec.org> Message-ID: On 24 Nov 2011, at 08:54, Jerry Lundstr?m wrote: > On 23 nov 2011, at 16.09, John Dickinson wrote: > >> https://wiki.opendnssec.org/display/OpenDNSSEC/Continuos+Integration+Testing > > I can't find any documentation how to configure new version or how the version matrix and the parameterized jobs work, can you add that? > > /Jerry > Good point! Will try to find time to add this over the weekend. John --- jad at sinodun.com Sinodun Internet Technologies Ltd. Stables 4, Suite 11, Howbery Park, Wallingford, Oxfordshire, OX10 8BA, U.K. +44 (0)1491 834957 From AlexD at nominet.org.uk Fri Nov 25 14:09:10 2011 From: AlexD at nominet.org.uk (Alex Dalitz) Date: Fri, 25 Nov 2011 14:09:10 +0000 Subject: [Opendnssec-develop] Fwd: [Opendnssec-user] User input on OpenDNSSEC Auditor deprecation References: <4ECF9DCE.3030702@lacnic.net> Message-ID: From: "Carlos M. Martinez" > Date: 25 November 2011 13:53:18 GMT To: > Cc: OpenDNSSEC Users > Subject: Re: [Opendnssec-user] User input on OpenDNSSEC Auditor deprecation However, I believe it would be nice to have some form of OpenDNSSEC integrated zone checker. It should not be in the critical path of the signing process but, as Casper mentions, it should be a tool the admin can choose to run "out of band" so to speak. Luckily, there are several of these available outside of the ODS distribution. :-) Alex. -------------- next part -------------- An HTML attachment was scrubbed... URL: From jad at sinodun.com Mon Nov 28 12:10:45 2011 From: jad at sinodun.com (John Dickinson) Date: Mon, 28 Nov 2011 12:10:45 +0000 Subject: [Opendnssec-develop] Status of jenkins testing In-Reply-To: References: <66D5E36E-78FC-4BFA-9FDA-42135FE3373B@sinodun.com> <7F92B7B2-967A-4ED6-BF15-E00F3E625F70@opendnssec.org> Message-ID: <6F88314A-2B8A-49C9-A375-B5523004898C@sinodun.com> On 25 Nov 2011, at 13:25, John Dickinson wrote: > > On 24 Nov 2011, at 08:54, Jerry Lundstr?m wrote: > >> On 23 nov 2011, at 16.09, John Dickinson wrote: >> >>> https://wiki.opendnssec.org/display/OpenDNSSEC/Continuos+Integration+Testing >> >> I can't find any documentation how to configure new version or how the version matrix and the parameterized jobs work, can you add that? >> >> /Jerry >> > > > Good point! Will try to find time to add this over the weekend. I have made a stab at this if someone would like to review it. John --- jad at sinodun.com Sinodun Internet Technologies Ltd. Stables 4, Suite 11, Howbery Park, Wallingford, Oxfordshire, OX10 8BA, U.K. +44 (0)1491 834957 From yuri at NLnetLabs.nl Mon Nov 28 16:57:08 2011 From: yuri at NLnetLabs.nl (Yuri Schaeffer) Date: Mon, 28 Nov 2011 17:57:08 +0100 Subject: [Opendnssec-develop] Signer Enforcer Communication Message-ID: <4ED3BD64.5050007@nlnetlabs.nl> Today Matthijs and I figured out how the Signer should interpret the Enforcers output. It seemed like a good thing to document for future developers/us. Here it is. Will stick it somewhere on the dev wiki tomorrow. //yuri -- Yuri Schaeffer NLnet Labs http://www.nlnetlabs.nl -------------- next part -------------- A non-text attachment was scrubbed... Name: signconf.pdf Type: application/pdf Size: 98244 bytes Desc: not available URL: From rickard at opendnssec.org Tue Nov 29 08:45:13 2011 From: rickard at opendnssec.org (Rickard Bellgrim) Date: Tue, 29 Nov 2011 09:45:13 +0100 Subject: [Opendnssec-develop] OpenDNSSEC teleconf Message-ID: Hi I forgot to schedule a teleconf meeting the last time we met each other in Stockholm. So we should try to schedule one. Please select your preferred dates and times. http://www.doodle.com/cpse68y7cte84ay2 Cheers // Rickard From Roland.vanRijswijk at surfnet.nl Tue Nov 29 09:44:11 2011 From: Roland.vanRijswijk at surfnet.nl (Roland van Rijswijk) Date: Tue, 29 Nov 2011 10:44:11 +0100 Subject: [Opendnssec-develop] Enforcer NG minutes 20111129 Message-ID: <9EF0F563-8C76-4607-A165-73F964517A34@surfnet.nl> Hi guys, The minutes for today's Enforcer NG telecon are online, please edit them if you have any remarks/comments/mistakes. https://wiki.opendnssec.org/display/OpenDNSSEC/2011-11-29+%28Enforcer+NG%2C+Telephone%29 Cheers, Roland -- Roland M. van Rijswijk -- SURFnet Middleware Services -- t: +31-30-2305388 -- e: roland.vanrijswijk at surfnet.nl From yuri at NLnetLabs.nl Tue Nov 29 15:03:20 2011 From: yuri at NLnetLabs.nl (Yuri Schaeffer) Date: Tue, 29 Nov 2011 16:03:20 +0100 Subject: [Opendnssec-develop] MaxZoneTTL Message-ID: <4ED4F438.1080201@nlnetlabs.nl> So I've been digging through the original Enforcer's code (a bit). And I could not find the value used for the TTLs over the zonedata. Then it hit me (Sion, correct me if wrong). The original enforcer does not use nor need that data. Since the only rollover for a ZSK is one that introduces the DNSKEY first and only then the signatures. The signer does a /smooth/ rollover, thus the signature *lifetime* is the only limiting factor. So picking any default value for MaxZoneTTL is not going to break consistency between the two implementations. Question is, what is a good value? (The signer will also use this value, as a cap on the ttl). I consulted my two nearest DNS experts and we agreed on 24 hours. Does anyone have thoughts on this? //yuri PS. While typing this I realized the original enforcer does infact need this value when start signing a previously unsigned zone. At the very least the DS must wait one Zonedata TTL. Sion, could you help me find out what this value is? -- Yuri Schaeffer NLnet Labs http://www.nlnetlabs.nl From matthijs at NLnetLabs.nl Wed Nov 30 14:26:22 2011 From: matthijs at NLnetLabs.nl (Matthijs Mekking) Date: Wed, 30 Nov 2011 15:26:22 +0100 Subject: [Opendnssec-develop] OpenDNSSEC-adapters trunk Message-ID: <4ED63D0E.3030407@nlnetlabs.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, FYI: I have continued development for the OpenDNSSEC Adapters in trunk. I believe it has been stable enough to do development in trunk and the adapters will be the first coming release. Best regards, Matthijs -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJO1j0OAAoJEA8yVCPsQCW5R7QH/j2EsNKVX4ChfwghvU56DZl+ gA8flKyYh1ewq2gQDgjtrLCZfwkmttMPTNM4IIZCGU9Rtm3HVGOd6lG9+f39a5u/ kE+uSq8uowlXzbREE4serrYtQci2Ky7wbF6IBK2nHr74ruMpOOmA7BPePdPNc2R+ cwCeprw6d45RnIr+/gApAd7PtG2HYCa6O3fncMPYeoYHIJpxh4z8Ix5Rk467iksw nmXdsyqa95p/EJqdj8qH17Vr4eUMP4uTlzQ4ZKgryToffuFIthJduBAOAKbhvUkD 5DwfqvnWg1Z5Kriml1AAIP7GeGtbFcxttgj+c2BZDXvMzwy9cK+vWzPxpCQZG1M= =5+Pn -----END PGP SIGNATURE----- From rickard at opendnssec.org Wed Nov 30 15:33:03 2011 From: rickard at opendnssec.org (Rickard Bellgrim) Date: Wed, 30 Nov 2011 16:33:03 +0100 Subject: [Opendnssec-develop] OpenDNSSEC-adapters trunk In-Reply-To: <4ED63D0E.3030407@nlnetlabs.nl> References: <4ED63D0E.3030407@nlnetlabs.nl> Message-ID: ACK On Wed, Nov 30, 2011 at 3:26 PM, Matthijs Mekking wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hi, > > FYI: > > I have continued development for the OpenDNSSEC Adapters in trunk. I > believe it has been stable enough to do development in trunk and the > adapters will be the first coming release. > > Best regards, > ?Matthijs > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.11 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iQEcBAEBAgAGBQJO1j0OAAoJEA8yVCPsQCW5R7QH/j2EsNKVX4ChfwghvU56DZl+ > gA8flKyYh1ewq2gQDgjtrLCZfwkmttMPTNM4IIZCGU9Rtm3HVGOd6lG9+f39a5u/ > kE+uSq8uowlXzbREE4serrYtQci2Ky7wbF6IBK2nHr74ruMpOOmA7BPePdPNc2R+ > cwCeprw6d45RnIr+/gApAd7PtG2HYCa6O3fncMPYeoYHIJpxh4z8Ix5Rk467iksw > nmXdsyqa95p/EJqdj8qH17Vr4eUMP4uTlzQ4ZKgryToffuFIthJduBAOAKbhvUkD > 5DwfqvnWg1Z5Kriml1AAIP7GeGtbFcxttgj+c2BZDXvMzwy9cK+vWzPxpCQZG1M= > =5+Pn > -----END PGP SIGNATURE----- > _______________________________________________ > Opendnssec-develop mailing list > Opendnssec-develop at lists.opendnssec.org > https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop