[Opendnssec-user] syslog: please submit the new DS
Rickard Bellgrim
rickard.bellgrim at iis.se
Mon Nov 29 12:44:07 UTC 2010
On 28 nov 2010, at 21.01, Sebastian Castro wrote:
> In our testing environment we are using a home-made Perl script that
> acts as DelegationSignerSubmitCommand, saving the DS record on a file
> and sending it my email.
I have also updated the documentation to include this element that can be used in conf.xml.
Configure the <DelegationSignerSubmitCommand> if you want to have a program/script receiving the new KSK during a key rollover. This will make it possible to create a fully automatic KSK rollover, where OpenDNSSEC feed your program/script on stdin with the current set of DNSKEYs that we want to have in the parent as DS RRs. There are two examples available: an eppclient and a simple mail script. Remember that the ods-ksmutil key ds-seen must be given in order to complete the rollover. This should only be done when the new DS RRs are available on the parents public nameservers.
// Rickard
More information about the Opendnssec-user
mailing list