[Opendnssec-user] Being notified of a ZSK rollover?

sion at nominet.org.uk
Wed Feb 3 09:14:07 UTC 2010


> > I would like to know when a ZSK rollover takes place. In conf.xml,
> > there is <NotifyCommand> for the signer, but I find no equivalent for
> > key rollovers. (The only workaround seems to be a parsing of the
> > syslog files.)
>
> There will be a "notify" for KSK for 1.1, but not ZSK. The receiving
> command must accept the zone name and current set of KSKs that
> OpenDNSSEC wants to publish at the parent.
>
> What is your idea of ZSK rollover notification?

There is currently a configurable notify for KSK rollovers, the
rolloverNotify tag. However, all this does is send a message to syslog, which
the user is expected to look out for. (As I recall, this is how all of our
notifies are going to work; the NotifyCommand is an exception.)

This mechanism can be extended to cover ZSK rollovers too.

Sion



