[Opendnssec-develop] Passing through signed zones
Rick van Rein (OpenFortress)
rick at openfortress.nl
Thu Jun 13 14:43:27 UTC 2013
Hello,
> We have this issue for passing through unsigned zones:
You must mean "for passing zones without adding signatures".
The zone might already be signed of course.
> The user should configure in the zonelist.xml if a zone should be passed
> through by using a special name:
>
> <Policy>passthrough</Policy>
I assume this is a user-picked name that suggests to them what they mean, but that the name is not, as Jakob assumed from this text, in any way special.
I assume the real configuration would come down to setting no cryptographic configuration, or explicitly selecting a null or passthrough mechanism for signing/keying?
> Con:
- Temporary passthrough signatures, such as during a zone migration between vendors, could end up requiring a change of signing policy. You might not be prepared to support that.
> What do you think?
I think it's wonderful that this is being added. I've missed it for a long time.
-Rick