[Opendnssec-develop] RE: OpenDNSSEC 1.4 and the auditor

Nick van den Heuvel nick.vandenheuvel at sidn.nl
Fri Nov 4 13:07:06 UTC 2011

Hi Alex,

Maybe it's wise to consult our users. I can imagine that some of them use the auditor in their signing process. On the other hand if we have a clear overview of our development and test processes we can remove the auditor from OpenDNSSEC.


Met vriendelijke groet,

Nick van den Heuvel
Test analist

SIDN | Meander 501 | 6825 MD | Postbus 5022 | 6802 EA | ARNHEM
T +31 (0)26 352 55 93 | F +31 (0)26 352 55 05 | jabber: nick.vandenheuvel at jabber.sidn.nl
nick.vandenheuvel at sidn.nl | www.sidn.nl

SIDN heeft een nieuw domein! Sinds 31 oktober zijn wij gevestigd op een nieuw adres: 
Meander 501, 6825 MD Arnhem. 
Het postadres en de telefoonnummers blijven ongewijzigd.

SIDN has a new domain! Since 31 October, our office address is:
Meander 501, 6825 MD Arnhem, The Netherlands. 
Our postal address and phone numbers remain unchanged.

-----Original Message-----
From: opendnssec-develop-bounces at lists.opendnssec.org [mailto:opendnssec-develop-bounces at lists.opendnssec.org] On Behalf Of Alex Dalitz
Sent: vrijdag 4 november 2011 14:01
To: <opendnssec-develop at lists.opendnssec.org>
Subject: [Opendnssec-develop] OpenDNSSEC 1.4 and the auditor

Hi - 

The auditor has been a useful testing and debugging tool doing the early releases of OpenDNSSEC. However, it has complicated the build system with its dependency on Ruby. 

It has been a long time since the auditor found a genuine problem with OpenDNSSEC - instead, it has been the cause of several issues which have confused users.

There are now other tools available which can check the contents of signed zones - although these may not provide all of the policy checks provided by the auditor, they do check many DNSSEC attributes (e.g. NSEC(3) chains, RRSIGs, etc.).

It seems to me that it is now time to retire the auditor, starting from version 1.4. This would also remove all the nasty Ruby dependencies from OpenDNSSEC.

What does everyone else think?


Opendnssec-develop mailing list
Opendnssec-develop at lists.opendnssec.org

More information about the Opendnssec-develop mailing list