[Opendnssec-user] Enforcerd and signerd decoupling
Petr Spacek
pspacek at redhat.com
Mon Apr 14 11:46:14 UTC 2014
On 12.4.2014 21:31, Jakob Schlyter wrote:
> On 11 mar 2014, at 10:05, Petr Spacek <pspacek at redhat.com> wrote:
>
>> Let me add that we rely on the ability to use enforcer separately without signer (as it was described in thread "distributed OpenDNSSEC").
>>
>> We will be very unhappy if this ability should be lost ...
>
> We have no plans to merge the two, but we are looking at future ways to speed up the enforcer-signer communication. I believe the XML files works mostly fine, but they don't really scale for a lot of zones. Any ideas what to look into for future work would be most useful.
I can tell you what we do in FreeIPA project:
We store configuration directly in the database.
The database backend supports asynchronous notification mechanism so all
interested parties get notification almost immediately after the change.
--
Petr^2 Spacek
More information about the Opendnssec-user
mailing list