[Opendnssec-user] Our unsigned zones change every 5 minutes - will they automatically be signed?
Harald A. Irmer
Harald.Irmer at KIT.edu
Thu Aug 29 13:29:55 UTC 2013
Hi Patrik,
thank you!
Found out myself how it could work:
1. Some admin down the line changes/adds a zone entry at 8am on Saturday. I'm still sleeping.
2. Our zone production engine then automatically creates:
2.1 The primary zone (to which PTR points), mainly A, AAAA and MX records.
2.2 Some secondary zones, mainly A, AAAA and MX records.
2.3 IPv4 and IPv6 reverse zones.
3. Zones in /var/opendnssec/signed will be deleted.
4. Zones in /var/opendnssec/unsigned will be rsynced from zone production engine.
5. For all zones in 2.*: ods-signer sign <$zone>
6. For all zones in 2.*: rsync to all nameservers /var/opendnssec/signed/$zone
7. Reload nameservers
Thank you, all!
On 29.08.2013 15:03, Patrik Wallström wrote:
> On Aug 29, 2013, at 2:41 PM, Harald A. Irmer <Harald.Irmer at KIT.edu> wrote:
>
>> Hi Ondřej,
>>
>> thanks a lot!
>>
>> On 29.08.2013 14:22, Ondřej Caletka wrote:
>>> Hi Harald,
>>>
>>> On 29.8.2013 13:56, Harald A. Irmer wrote:
>>>> Our unsigned zones change every 5 minutes - maybe I can defer changes up
>>>> to every 15 minutes - are the signed zones then produced accordingly
>>>> _automatically_?
>>> After update of an unsigned zone, call 'ods-signer sign <zone>'
>>> everything else is automatic.
>>
(...)
--
Karlsruhe Institute of Technology (KIT)
ATIS - IT Infrastructure and Services, Faculty of Computer Science
Harald A. Irmer
IT Manager / Computer Networks Group
Am Fasanengarten 5
Building 50.34
76131 Karlsruhe, Germany
Phone: +49 721 608-46963
Fax: +49 721 608-46699
Email: harald.irmer at kit.edu
http://www.kit.edu/
KIT University of the State of Baden-Wuerttemberg and
National Laboratory of the Helmholtz Association
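
Steps 3 to 7 of the workflow in the message above, sketched as one shell script. This is an added example, not part of the original post or of OpenDNSSEC; the two directories and `ods-signer sign` come from the post, while `SRC`, `NAMESERVERS`, `RELOAD_CMD`, `DRY_RUN`, `WAIT_SECS` and all host names are assumptions. It also assumes the signed file may appear some time after `ods-signer sign` returns, so it refuses to distribute a zone whose signed file is missing or empty.

```shell
#!/bin/sh
# Added example. Paths and 'ods-signer sign' come from the post; SRC,
# NAMESERVERS, RELOAD_CMD, DRY_RUN and WAIT_SECS are assumptions.
UNSIGNED=${UNSIGNED:-/var/opendnssec/unsigned}
SIGNED=${SIGNED:-/var/opendnssec/signed}
SRC=${SRC:-zonegen.example.org:/export/zones/}                 # constructed
NAMESERVERS=${NAMESERVERS:-"ns1.example.org ns2.example.org"}  # constructed
RELOAD_CMD=${RELOAD_CMD:-reload-nameserver}                    # placeholder command
DRY_RUN=${DRY_RUN:-1}        # 1 = only print the commands
WAIT_SECS=${WAIT_SECS:-30}   # how long to wait for a signed file

run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

# Zone names are taken from file names, so reject anything that could be
# read as an option or a path before it reaches ods-signer or rsync.
valid_zone() {
    case "$1" in
        ""|-*|*/*|*..*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
}

# Poll until the signed file exists and is non-empty; give up after WAIT_SECS.
wait_signed() {
    i=0
    until [ -s "$SIGNED/$1" ]; do
        if [ "$i" -ge "$WAIT_SECS" ]; then return 1; fi
        i=$((i + 1)); sleep 1
    done
}

publish_zones() {
    run rsync -a "$SRC" "$UNSIGNED/" || return 1                 # step 4
    for f in "$UNSIGNED"/*; do
        [ -f "$f" ] || continue
        zone=${f##*/}
        if ! valid_zone "$zone"; then echo "skip: $zone" >&2; continue; fi
        run rm -f "$SIGNED/$zone"                                 # step 3, per zone
        run ods-signer sign "$zone" || return 1                   # step 5
        if [ "$DRY_RUN" != 1 ] && ! wait_signed "$zone"; then
            echo "not signed in time: $zone" >&2; return 1
        fi
        for ns in $NAMESERVERS; do                                # step 6
            run rsync -a "$SIGNED/$zone" "$ns:$SIGNED/$zone" || return 1
        done
    done
    for ns in $NAMESERVERS; do run ssh "$ns" "$RELOAD_CMD"; done  # step 7
}

if [ "${1:-}" = publish ]; then publish_zones; fi
```

With the default `DRY_RUN=1` the script only prints the commands it would run; invoke it with the argument `publish` and `DRY_RUN=0` to execute them.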