[Opendnssec-develop] OpenDNSSEC 1.4 and the auditor

Alex Dalitz AlexD at nominet.org.uk
Fri Nov 4 13:01:07 UTC 2011

Hi - 

The auditor has been a useful testing and debugging tool doing the early releases of OpenDNSSEC. However, it has complicated the build system with its dependency on Ruby. 

It has been a long time since the auditor found a genuine problem with OpenDNSSEC - instead, it has been the cause of several issues which have confused users.

There are now other tools available which can check the contents of signed zones - although these may not provide all of the policy checks provided by the auditor, they do check many DNSSEC attributes (e.g. NSEC(3) chains, RRSIGs, etc.).

It seems to me that it is now time to retire the auditor, starting from version 1.4. This would also remove all the nasty Ruby dependencies from OpenDNSSEC.

What does everyone else think?



More information about the Opendnssec-develop mailing list