[Opendnssec-user] Database support for OpenDNSSEC
Matthijs Mekking
matthijs at NLnetLabs.nl
Thu Nov 18 10:08:53 UTC 2010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 11/18/2010 10:34 AM, Simon Mittelberger wrote:
> Hi Matthijs,
>
>
> Am Mittwoch, den 17.11.2010, 10:21 +0100 schrieb Matthijs Mekking:
>> Currently, the auditor is already provided with internal files. The
>> signer working directories makes a copy to .unsorted and a signed copy
>> to .finalized before writing the zone and the auditor will make his
>> checks against these files. So, I don't see why it should be different
>> with mySQL adapters.
>
>
> thanks for clarifying.
>
> It is now working as follows:
> - the mysql adapter writes the zone to zonename.inbound
> - opendnssec can then proceed, using the file adapter for the internal
> files.
> - after signing the zone, the mysql adapter writes the records to the
> database.
>
> If the input adapter is specified as mysql and the output adapter as
> file it works fine.
>
> The mysql output adapter gives me still some headache:
> The auditor seems to need/load the file specified in:
> <Adapters><Output><File>...</File></Output></Adapters> in zonelist.xml
> Please see line 67 - 71 in auditor/lib/kasp_auditor/parse.rb
>
> I am not sure if I have the right idea of what is done here: Does the
> auditor make a check if the signed zonefile is present? Because the
> audit is done with zonename.finalized and at the moment the auditor is
> called the file does not yet exist.
For clarification, which file does not yet exist at the moment the
auditor is called? I think you mean the output file.
If I'm correct, the auditor keeps track of the previous signed zone
file, to track the serial increasings. However, this is an optional
check for the auditor, not one that should make the auditing process
fail. Alex should be able to tell you all about the auditor in detail.
Best regards,
Matthijs
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQEcBAEBAgAGBQJM5Ps1AAoJEA8yVCPsQCW5MEYH/jhkLRCawx0KjOqk/VaD0MEj
CkX7oHKaOxHlzGzHFZLoXKGn3kN+MSvNAu9ctdK5nruTPfBe3GWYPH44+mM3knrG
ESTthLd+Lq+BJfRoW8T2Tdnj+K2TWSls41sCeYcJE9u/qeVvYxyZsRPIpDCv1ew8
7t113xgOM0kNnMNq6Q38Mrqf7bqqF/XkeAFVJIhuM4OWUoZOFEOZzxp5CMHnP9NF
Wgrarw8lTfgSvJ8xpOprZcjz9qHZlgb3Nk2h3Kf/ykxIovnCcfqlxuEIaTUKqRA1
8YjCLED1w76KT358olTU4SJLqPlJwclxYypKWy3CPfPdySQmqWeJRHn+ra3Clw4=
=DuBu
-----END PGP SIGNATURE-----
More information about the Opendnssec-user
mailing list