[Opendnssec-user] Problem trying to run Signer Engine
jakob at kirei.se
Mon Sep 28 08:10:53 UTC 2009
On 25 sep 2009, at 16.45, Sitowitz, Paul wrote:
> 1. Does OpenDNSSEC require keys to be pre-generated prior to first
> or will this happen automatically based on defined key management
keygend needs to be run before first signing. we're working on
integrating keygend and communicated into one single daemon where
this will be taken care of automatically.
> 2. Is there a way in OpenDNSSEC to configure a parent/child
> between zones so that DS data is automatically extracted from a
> zone in order to automate the publishing of this DS data to the
> zone or is this something that needs to be done manually by a zone
> operator? Are the DS records written to a separate file which may be
> referenced by a parent zone?
not yet, but we have it on the post 1.0-radar.
> 3. Does OpenDNSSEC provide any integration points for interfacing
> with a parent registry?
we have discussed this, but it will not be integrated in 1.0.
> 4. A name server is notified to load a signed zone, by OpenDNSSEC,
> when a zone is signed. This is configured in the conf.xml
> configuration file via the <NotifyCommand> tag within the <Signer>
> tagged block. This tag configures the OS level command to use to
> notify a DNS nameserver when a zone is signed. Are these statements
> correct?
> Can a remote nameserver be notified? I'd really like to see an
> which identifies the interface of how information is passed from
> OpenDNSSEC to a local and remote nameserver via the NotifyCommand
> it expect input on STDIN, any special directives for passing
> from OpenDNSSEC to the configured NotifyCommand)?
I'd write a simple shell script wrapper that does what's needed. the notify
command does not take any special input. I'll add a small example to
the config file as a start.
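
The wrapper approach from the reply above, as an added example that is not part of the original message or of OpenDNSSEC. It assumes BIND nameservers controlled with `rndc`; the server addresses, the file name `opendnssec-notify` and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: a wrapper to point <NotifyCommand> at.
# It takes no arguments and reads nothing on stdin, matching the reply above.
# Assumptions: the nameservers run BIND and accept rndc from this host
# (each server's "controls" statement and shared key must allow it).

# Control-channel addresses to reload: local first, then remote.
# These are constructed placeholder values.
NAMESERVERS="${NAMESERVERS:-127.0.0.1 192.0.2.53}"

# Command used to reach the nameserver; overridable so the script can be
# exercised without a live server.
RNDC="${RNDC:-rndc}"

log() {
    # The signer may run this without a terminal; stderr is the minimum.
    echo "opendnssec-notify: $*" >&2
}

notify_all() {
    failed=0
    for server in $NAMESERVERS; do
        # No zone name is passed in, so ask each server to reload everything.
        if $RNDC -s "$server" reload >/dev/null 2>&1; then
            log "reload requested on $server"
        else
            # Keep going: one unreachable server must not block the others.
            log "reload FAILED on $server"
            failed=$((failed + 1))
        fi
    done
    # Non-zero status if any server could not be told to reload.
    [ "$failed" -eq 0 ]
}

# Run only when installed under this (hypothetical) file name.
case "${0##*/}" in
    opendnssec-notify) notify_all ;;
esac
```

A failed remote reload leaves that server publishing the previously signed zone, so the non-zero exit status and the log line are worth monitoring before signatures expire.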