[Opendnssec-user] Replacement for auditor in 1.4.0

Scott Armitage S.P.Armitage at lboro.ac.uk
Thu Mar 8 10:44:59 UTC 2012


On 8 Mar 2012, at 10:25, Einar Bjarni Halldórsson wrote:

> Hi,
> 
> After getting hit by https://issues.opendnssec.org/browse/OPENDNSSEC-216 we upgraded ods to SVN r6202. For us that means no more auditor. We're looking at alternatives, like validns, but we're unsure of how to integrate active monitoring into our setup. The zone file is updated every 20 minutes and then we call ods-signer to sign it. What we need is a way to run our monitor scripts after the zone has been signed but before it's pushed out to the nameservers.
> 
> How have you guys implemented active monitoring into your setup? Are there hooks in ods already to do this?

We haven't implemented anything, but the way I would do it would be:  

* Have the signer put the files into an intermediate directory e.g. /unchecked
* Get ODS to call a perl script using the NotifyCommand in conf.xml
* In the perl script call validns and parse the reply.  
* If validns completes successfully copy the file into the live directory and call rndc.
* If it fails send an e-mail.

(Probably not very helpful, but it's what I would do)

Thanks

Scott




-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 203 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20120308/b188515c/attachment.bin>


More information about the Opendnssec-user mailing list