[Opendnssec-user] Replacement for auditor in 1.4.0
Mathieu Arnold
mat at mat.cc
Thu Mar 8 11:19:24 UTC 2012
+--On 8 mars 2012 11:47:51 +0100 Jakob Schlyter <jakob at kirei.se> wrote:
| On 8 mar 2012, at 11:44, Scott Armitage wrote:
|
|> We haven't implemented anything, but the way I would do it would be:
|>
|> * Have the signer put the files into an intermediate directory e.g.
|>   /unchecked
|> * Get ODS to call a perl script using the NotifyCommand in conf.xml
|> * In the perl script call validns and parse the reply.
|> * If validns completes successfully copy the file into the live
|>   directory and call rndc.
|> * If it fails send an e-mail.
|
| This is how we (the developers) envisioned this to be done now that the
| auditor has left the building.
|
| jakob
But, hum, how can a tool like validns know things the auditor did, like
what keys should be in the zone, if it's not too soon to be used, or if the
NSEC3PARAM seed is the right one, or things like that?
--
Mathieu Arnold
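
The workflow quoted above (intermediate directory, validate, then publish and reload, or send mail on failure), sketched in shell as an added example that is not code from the thread or from OpenDNSSEC. The function name, the three *_CMD variables and the idea of passing zone name and file as arguments are assumptions; it covers only the validate-then-publish gate, not the policy checks asked about in the reply.

```shell
#!/bin/sh
# Added example (not from the thread). Hypothetical names: publish_if_valid,
# VALIDATE_CMD, RELOAD_CMD, ALERT_CMD. Defaults assume validns, rndc and mail
# are installed; override them to test without touching a name server.
: "${VALIDATE_CMD:=validns -z}"   # run as: validns -z <zone> <file>
: "${RELOAD_CMD:=rndc reload}"    # run as: rndc reload <zone>
: "${ALERT_CMD:=mail -s zone-validation-failed root}"  # report on stdin

# publish_if_valid ZONE UNCHECKED_FILE LIVE_DIR
# Returns 0 if published, 1 if validation failed, 2 on bad input or I/O error.
publish_if_valid() {
    zone=$1 unchecked=$2 live_dir=$3
    # The zone name becomes a file name: refuse path separators and dotfiles.
    case $zone in
        */*|.*|'') return 2 ;;
    esac
    [ -r "$unchecked" ] && [ -d "$live_dir" ] || return 2

    report=$(mktemp) || return 2
    # Fail closed: any non-zero exit from the validator blocks publication,
    # and the copy in the live directory is left untouched.
    if ! $VALIDATE_CMD "$zone" "$unchecked" >"$report" 2>&1; then
        { echo "zone $zone rejected, live copy unchanged"; cat "$report"; } \
            | $ALERT_CMD
        rm -f "$report"
        return 1
    fi
    rm -f "$report"

    # Copy under a temporary name inside the live directory, then rename,
    # so the name server never reads a half-written zone file.
    tmp=$(mktemp "$live_dir/.$zone.XXXXXX") || return 2
    if cp "$unchecked" "$tmp" && chmod 0644 "$tmp" \
            && mv "$tmp" "$live_dir/$zone"; then
        # mktemp creates the file 0600; the chmod above makes it readable
        # by the name server before it is renamed into place.
        $RELOAD_CMD "$zone" || return 2
        return 0
    fi
    rm -f "$tmp"
    return 2
}
```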