[Opendnssec-develop] Authoritiative: file vs database
Sara Dickinson
sara at sinodun.com
Sat Sep 29 13:25:50 UTC 2012
On 27 Sep 2012, at 12:57, Jerry Lundström wrote:
> On Sep 27, 2012, at 12:19 , Sara Dickinson wrote:
>
>> With a little more thought I realised that this doesn't completely de-couple the file dependancies (i.e. aiming for a situation where the signer then only needs the /var/opendnssec dir) since the signer also requires the addns.xml file from the /etc/opendnssec directory....
>
>
> I don't think that is an issue since addns.xml is only read by the signer and its a user generated configure file so it should be in /etc.
Sorry - should have been clearer. This solution does solve the current issue with conflicts between the signer and enforcer use of a single zone list file. However Jakob and I had a conversation about this from an architectural point of view in terms of the interface between the enforcer and signer, and possibly replacing the/var/opendnssec/*. xml files with something else in future. Also, we initially thought this solution could simplify the HA set of of a secondary signer since the user would only have to copy the /var/opendnssec dir across but this is not the case.
Yuri - this is directly related to https://issues.opendnssec.org/browse/OPENDNSSEC-197 and different to what we agreed in the developer workshop so lets recap when you get round to implementing this issue.
Sara.
>
> --
> Jerry Lundström - OpenDNSSEC Developer
> http://www.opendnssec.org/
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-develop/attachments/20120929/a36ec0e9/attachment.htm>
More information about the Opendnssec-develop
mailing list