[Opendnssec-user] Announce: EnforcerNG alpha snapshot
Yuri Schaeffer
yuri at NLnetLabs.nl
Tue Oct 18 12:01:47 UTC 2011
Greetings,
For those who would like to play with the current development version of
EnforcerNG a second alpha snapshot is made [1]. Needles to say, it's
*not* production ready. We would however welcome any feedback you might
have.
Most important change over the 1st alpha is the support for different
rollover types (the order in which the resource records are published).
Alpha 2 introduces the KskRollType, ZskRollType, and CskRollType
elements in kasp.xml for use in the KSK, ZSK and CSK sections.
Valid values are:
[ KskDoubleRRset | KskDoubleDS | KskDoubleSignature |
ZskDoubleSignature | ZskPrePublication | ZskDoubleRRsig |
CskDoubleRRset | CskSingleSignature | CskDoubleDS |
CskDoubleSignature | CskPrePublication ]
These values correspond directly with the rollover types described
in the Internet Draft: draft-mekking-dnsop-dnssec-key-timing-bis-02
The various Rollover Types influence the traffic to your zone and the
speed of a rollover. The enforcer uses them as a strong hint, in
case of a conflict (for example ZskPrePublication is impossible
during a algorithm rollover) these hints are relaxed.
See README.enforcer_testers [2] for more information about EnforcerNG.
Regards,
Yuri Schaeffer
[1] http://svn.opendnssec.org/tags/OpenDNSSEC-enforcer-ng-20111018/
[2]
http://svn.opendnssec.org/tags/OpenDNSSEC-enforcer-ng-20111018/README.enforcer_testers
--
Yuri Schaeffer
NLnet Labs
http://www.nlnetlabs.nl
More information about the Opendnssec-user
mailing list