[Opendnssec-user] User input on OpenDNSSEC Auditor deprecation

Casper Gielen c.gielen at uvt.nl
Fri Nov 25 12:24:55 UTC 2011


On 17-11-11 14:39, Jakob Schlyter wrote:
> Greetings,
> 
> Due to the inability to operate together with upcoming Signer Engine features like IXFR, we're considering removing the Auditor from future versions of OpenDNSSEC. Other reasons for this is that we believe that the Auditor has played is part in the OpenDNSSEC development process, it now often introduces more problems for our users than helping and there are now multiple alternative zone checkers available.
> 
> We now solicit user input on this plan from users activly using the Auditor (as opposed to just using it since it is enabled by default). Please submit your comments to the OpenDNSSEC users list (opendnssec-user at lists.opendnssec.org) no later than December 2nd.

I can't recall ever having seen a usefull, true positive from the auditor
so I wouldn't miss it*. In fact, I've recently disabled it all together to
make the signing process go faster. My environment expects near-instantaneous
DNS-updates.

Instead I run the auditor from a nightly cron-job. It complains about a
decreased SOA serial on every zone but AFAIK that is unavoidable when
editting zones manually.

* this is not a critique, it just shows that things work rather well

-- 
Casper Gielen <cgielen at uvt.nl> | LIS UNIX
PGP fingerprint = 16BD 2C9F 8156 C242 F981  63B8 2214 083C F80E 4AF7

Universiteit van Tilburg | Postbus 90153, 5000 LE
Warandelaan 2 | Telefoon 013 466 4100 | G 236 | http://www.uvt.nl





More information about the Opendnssec-user mailing list