[Opendnssec-develop] OpenDNSSEC 1.4 and the auditor

Matthijs Mekking matthijs at NLnetLabs.nl
Tue Nov 8 12:40:41 UTC 2011


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

We'll have to discuss this week in more detail how the auditing process
will work in 1.4.

My first suggestion was an optional element in conf.xml

	<Auditor>/path_to_auditor/binary -z %zone ...</Auditor</Auditor>

which will be called by the signer instead of the current auditor. We'll
have to make sure there are substitutes possible for zone name, config
file, working directory, unsigned file, signed file. This will differ
for DNS Adapters (compared to File Adapters). Perhaps an Auditor API is
needed?

By the way, 1.3 still has the auditor enabled by default.

Best regards,
  Matthijs



On 11/08/2011 01:19 PM, Roy Arends wrote:
> Hi all,
> 
> I understand the auditor is default _off_ in ODS1.3. I see no point in
> keeping it in ODS1.4, and therefor want it removed completely. Alex will
> fix bugs, if any, on the older versions.
> 
> Roy
> 
> 
> 
> On 11/4/11 2:28 PM, "Jakob Schlyter" <jakob at kirei.se> wrote:
> 
>> On 4 nov 2011, at 14:19, Alex Dalitz wrote:
>>
>>>> Yes, the auditor is already default off in trunk/ (to be 1.4). After
>>>> 1.4 has been release, we'll move it out of the tree.
>>>
>>> _AFTER_ the 1.4 release? I had been assuming removal after the 1.3
>>> branch...
>>
>> We'll discuss this in Stockholm, although I agree that we might want to
>> remove it earlier (asap).
>>
>> 	jakob
>>
>> _______________________________________________
>> Opendnssec-develop mailing list
>> Opendnssec-develop at lists.opendnssec.org
>> https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop
> 
> _______________________________________________
> Opendnssec-develop mailing list
> Opendnssec-develop at lists.opendnssec.org
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJOuSNJAAoJEA8yVCPsQCW5gv0H/0CiD/IUIl4Hbq++ya+5cJ/L
hU82rD+OAS0RjmVSdMi9fhE9+0E2XjLr0D0SQTcxnbps2TCvZE21ZDllU3AALUkJ
YI2DujkpvQYWmDanHCMvMhbhGiFX9RWkb0qgAOPoxf1xwQmukjLac3HkkZEanyuI
hGjh9Vb7iyQDc3dRzUql5qwUR6HsMgl+EBzYlOugnmDgF7R/RumAltirllk4k9up
3FKIhg+3qc2DDfO/6vedyVhl0MLUma0guFrs3mdAq3GIgOokfu9HFU+C70kktIhF
02WFGX1PokszsWR+RJefogXkJ30yMFIh47kQ1eENe4DbMPSmoIkYNNvtTCEm5F8=
=lRQN
-----END PGP SIGNATURE-----



More information about the Opendnssec-develop mailing list