[Opendnssec-user] Old policies in database
Siôn Lloyd
sion at nominet.org.uk
Fri Nov 18 10:25:38 UTC 2011
On 18/11/11 09:26, Casper Gielen wrote:
> Hello,
> I just discovered that there are a number of old policies in the database that are no longer in kasp.xml:
>
>
> # grep name /etc/opendnssec/kasp.xml
> <Policy name="uvtonly">
> <Policy name="fulldnssec">
> <Policy name="testshort">
>
> # ods-ksmutil policy list
> Policies:
> Name: Description:
> default A default ...
> fulldnssec Policy voor ....
> nostandby Policy without...
> nostandbykeys Policy without...
> testshort Test policy for ....
> uvtonly Zones that ...
>
Yes, although unused policies are largely ignored (they will generate
the odd line in the log file) they will not automatically be deleted
from the database.

There is a command:

    ods-ksmutil policy purge

which removes policies that have no zones on them. Two things to note
though...

1) This function is described as experimental as it doesn't get regular
use, so I would strongly advise backing up your database and kasp.xml
before running it.

2) It might rely on kasp.xml matching the database, so you may need to
add at least:

    <Policy name="default"></Policy>

for it to work.

Sion
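
Added example, not part of the original messages: a read-only check that lists policies present in the database but no longer declared in kasp.xml, useful to review before backing up and trying the purge. The function names and file names are hypothetical, and the parser assumes `ods-ksmutil policy list` prints the layout quoted above; it does not tell you which policies have no zones.

```shell
#!/bin/sh
# Added example (not from the thread): report policies that exist in the
# KASP database but are no longer declared in kasp.xml. Read-only.

# Policy names declared in a kasp.xml file, one per line.
kasp_policy_names() {
    sed -n 's/.*<Policy[[:space:]][^>]*name="\([^"]*\)".*/\1/p' "$1" | LC_ALL=C sort -u
}

# Policy names from saved `ods-ksmutil policy list` output on stdin.
# Assumption: the layout quoted in the thread ("Policies:" line, a
# "Name:" header, then one policy per line with the name in column 1).
db_policy_names() {
    awk '$1 == "Policies:" || $1 == "Name:" || NF == 0 { next } { print $1 }' |
        LC_ALL=C sort -u
}

# $1 = kasp.xml, $2 = saved policy list; prints names only in the database.
stale_policies() {
    tmp=$(mktemp -d) || return 1
    kasp_policy_names "$1" > "$tmp/kasp"
    db_policy_names < "$2" > "$tmp/db"
    LC_ALL=C comm -13 "$tmp/kasp" "$tmp/db"
    rm -rf "$tmp"
}

# Constructed sample input, copied from the output quoted in the thread.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/kasp.xml" <<'EOF'
<Policy name="uvtonly">
<Policy name="fulldnssec">
<Policy name="testshort">
EOF
    cat > "$dir/policy-list.txt" <<'EOF'
Policies:
Name: Description:
default A default ...
fulldnssec Policy voor ....
nostandby Policy without...
nostandbykeys Policy without...
testshort Test policy for ....
uvtonly Zones that ...
EOF
    stale_policies "$dir/kasp.xml" "$dir/policy-list.txt"
    rm -rf "$dir"
}

demo
```

On a live system, save the output of `ods-ksmutil policy list` to a file and pass it with /etc/opendnssec/kasp.xml to `stale_policies`.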