[Opendnssec-develop] OpenDNSSEC 1.4 and the auditor
matthijs at NLnetLabs.nl
Tue Nov 8 12:40:41 UTC 2011
-----BEGIN PGP SIGNED MESSAGE-----
We'll have to discuss this week in more detail how the auditing process
will work in 1.4.
My first suggestion was an optional element in conf.xml
<Auditor>/path_to_auditor/binary -z %zone ...</Auditor</Auditor>
which will be called by the signer instead of the current auditor. We'll
have to make sure there are substitutes possible for zone name, config
file, working directory, unsigned file, signed file. This will differ
for DNS Adapters (compared to File Adapters). Perhaps an Auditor API is
By the way, 1.3 still has the auditor enabled by default.
On 11/08/2011 01:19 PM, Roy Arends wrote:
> Hi all,
> I understand the auditor is default _off_ in ODS1.3. I see no point in
> keeping it in ODS1.4, and therefor want it removed completely. Alex will
> fix bugs, if any, on the older versions.
> On 11/4/11 2:28 PM, "Jakob Schlyter" <jakob at kirei.se> wrote:
>> On 4 nov 2011, at 14:19, Alex Dalitz wrote:
>>>> Yes, the auditor is already default off in trunk/ (to be 1.4). After
>>>> 1.4 has been release, we'll move it out of the tree.
>>> _AFTER_ the 1.4 release? I had been assuming removal after the 1.3
>> We'll discuss this in Stockholm, although I agree that we might want to
>> remove it earlier (asap).
>> Opendnssec-develop mailing list
>> Opendnssec-develop at lists.opendnssec.org
> Opendnssec-develop mailing list
> Opendnssec-develop at lists.opendnssec.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----
More information about the Opendnssec-develop