[Opendnssec-develop] OpenDNSSEC 1.4 and the auditor
Jakob Schlyter
jakob at kirei.se
Tue Nov 8 12:54:48 UTC 2011
On 8 nov 2011, at 13:40, Matthijs Mekking wrote:
> My first suggestion was an optional element in conf.xml
>
> <Auditor>/path_to_auditor/binary -z %zone ...</Auditor>
>
> which will be called by the signer instead of the current auditor. We'll
> have to make sure there are substitutes possible for zone name, config
> file, working directory, unsigned file, signed file. This will differ
> for DNS Adapters (compared to File Adapters). Perhaps an Auditor API is
> needed?
I think the above would be enough. If that command exists and returns non-zero, reject the zone.
> By the way, 1.3 still has the auditor enabled by default.
I don't have a problem with that, we can remove it in 1.4 anyway.
jakob
--
Jakob Schlyter
Kirei AB - http://www.kirei.se/
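
The external-auditor hook discussed in this thread, as an added example (not code from OpenDNSSEC or from either poster): the configured command is split into arguments before %zone is substituted, so a zone name can never add arguments or reach a shell, and a non-zero exit status rejects the zone. Assumptions: Python stands in for the signer, the %unsigned and %signed placeholder names and the timeout are hypothetical, and a configured auditor that cannot be run is treated as a rejection.

```python
import re
import shlex
import subprocess
import sys

# Placeholder names: only %zone appears in the thread; the others are hypothetical.
_PLACEHOLDER = re.compile(r"%(zone|unsigned|signed)")

def build_argv(template, values):
    """Tokenise the configured command first, then substitute inside each token.

    Because splitting happens before substitution, a value containing spaces,
    quotes or ';' stays a single argument and is never parsed by a shell.
    """
    return [_PLACEHOLDER.sub(lambda m: values[m.group(1)], token)
            for token in shlex.split(template)]

def audit_zone(template, values, timeout=300):
    """Return True if the signed zone may be published, False to reject it."""
    if not template:
        return True  # no <Auditor> element configured: nothing to run
    try:
        result = subprocess.run(build_argv(template, values), timeout=timeout)
    except (OSError, ValueError, KeyError, IndexError, subprocess.TimeoutExpired):
        return False  # assumption: a configured auditor that cannot run fails closed
    return result.returncode == 0  # non-zero exit status rejects the zone

if __name__ == "__main__":
    # Constructed stand-in auditor: exits 0 only for the zone "example.com".
    check = "import sys; sys.exit(0 if sys.argv[1] == 'example.com' else 1)"
    template = f"{shlex.quote(sys.executable)} -c {shlex.quote(check)} %zone"
    for zone in ("example.com", "example.com; echo injected"):
        print(zone, "->", "accept" if audit_zone(template, {"zone": zone}) else "reject")
```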