[Opendnssec-user] Old policies in database
sion at nominet.org.uk
Fri Nov 18 10:25:38 UTC 2011
On 18/11/11 09:26, Casper Gielen wrote:
> I just discovered that there are a number of old policies in the database that are no longer in kasp.xml:
> # grep name /etc/opendnssec/kasp.xml
> <Policy name="uvtonly">
> <Policy name="fulldnssec">
> <Policy name="testshort">
> # ods-ksmutil policy list
> Name: Description:
> default A default ...
> fulldnssec Policy voor ....
> nostandby Policy without...
> nostandbykeys Policy without...
> testshort Test policy for ....
> uvtonly Zones that ...
Yes, although unused policies are largely ignored (they will generate
the odd line in the log file) they will not automatically be deleted
from the database.
There is a command:
ods-ksmutil policy purge
which removes policies that have no zones on them. Two things to note
1) This function is described as experimental as it doesn't get regular
use, so I would strongly advise backing up your database and kasp.xml
before running it.
2) It might rely on kasp.xml matching the database, so you may need to
add at least:
for it to work.
More information about the Opendnssec-user