[Opendnssec-develop] Authoritiative: file vs database

Sara Dickinson sara at sinodun.com
Sat Sep 29 13:25:50 UTC 2012

On 27 Sep 2012, at 12:57, Jerry Lundström wrote:

> On Sep 27, 2012, at 12:19 , Sara Dickinson wrote:
>> With a little more thought I realised that this doesn't completely de-couple the file dependancies (i.e. aiming for a situation where the signer then only needs the /var/opendnssec dir) since the signer also requires the addns.xml file from the /etc/opendnssec directory....
> I don't think that is an issue since addns.xml is only read by the signer and its a user generated configure file so it should be in /etc.

Sorry - should have been clearer. This solution does solve the current issue with conflicts between the signer and enforcer use of a single zone list file. However Jakob and I had a conversation about this from an architectural point of view in terms of the interface between the enforcer and signer, and possibly replacing the/var/opendnssec/*. xml files with something else in future. Also, we initially thought this solution could simplify the HA set of of a secondary signer since the user would only have to copy the /var/opendnssec dir across but this is not the case. 

Yuri - this is directly related to https://issues.opendnssec.org/browse/OPENDNSSEC-197 and different to what we agreed in the developer workshop so lets recap when you get round to implementing  this issue. 


> --
> Jerry Lundström - OpenDNSSEC Developer
> http://www.opendnssec.org/

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-develop/attachments/20120929/a36ec0e9/attachment.htm>

More information about the Opendnssec-develop mailing list