[Opendnssec-user] Empty zonelists not permitted?

Rick van Rein rick at openfortress.nl
Tue Jul 6 06:30:46 UTC 2010

Hello all,

We are scripting a push-button DNSSEC service around OpenDNSSEC, as foreseen
in the project (and its logo).  As part of that, we generate kasp.xml and
zonelist.xml from scripts.  OpenDNSSEC appears to be quite suitable for this!

We found that empty lists of zones are not welcomed by OpenDNSSEC.  Is there a
specific reason for this?  We'd prefer if our system wouldn't get disrupted in
this possible (intermediate) state.

The same applies to policies -- we generate policies because we group zones that
need to share a key set in the HSM.  We assign a key set to each independent
customer of SURFnet.  But if there are no zones, there are no groups, and no
policies either.  Are we crazy for trying to create an empty list of policies
in case the list of zones is empty, or are we merely exploring new areas?


More information about the Opendnssec-user mailing list