[Opendnssec-user] adding a zone
matthijs at NLnetLabs.nl
Wed Dec 1 11:25:38 CET 2010
If you add a zone, the enforcer will eventually notify the signer with:
ods-signer update [<newzone>]
The signer updates the zonelist and checks for all zones in the new
zonelist if signer configurations have been changed.
If the timestamp has not changed, the signer will continue re-signing
for the zone at the given re-sign interval.
If the timestamp has been changed, but configuration values stay the
same, the zone is immediately re-signed.
If the configuration values have been changed, the zone is re-fetched
Hope that this explanation helps. As Rickard pointed out, you don't have
to signal the signer manually, the enforcer does that for you.
Also helpful would be, in order to be able to see what's going on, if
you increase the verbosity of the signer before adding the zone:
> ods-signer verbosity 6
and send me the logs.
On 11/26/2010 07:15 PM, Pierre LEBRECH wrote:
> when I add a zone, I use the command "ods-ksmutil". Then, I send a HUP signal to enforcerd to let it create
> the XML signconf for the new zone. Then, a HUP signal to ods-signerd to fetch the new zone and sign it.
> The problem with this process is that all zones are scanned and fetched, just because I add a single zone.
> So, my question: Is there an easy way to add a zone, get the zone signed, without scanning all the zones?
> Notice: I use ODS version 1.2.0rc2 from tar.gz