[Opendnssec-user] Enforcerd and signerd decoupling

Petr Spacek pspacek at redhat.com
Mon Apr 14 11:46:14 UTC 2014

On 12.4.2014 21:31, Jakob Schlyter wrote:
> On 11 mar 2014, at 10:05, Petr Spacek <pspacek at redhat.com> wrote:
>> Let me add that we rely on the ability to use enforcer separately without signer (as it was described in thread "distributed OpenDNSSEC").
>> We will be very unhappy if this ability should be lost ...
> We have no plans to merge the two, but we are looking at future ways to speed up the enforcer-signer communication. I believe the XML files works mostly fine, but they don't really scale for a lot of zones. Any ideas what to look into for future work would be most useful.

I can tell you what we do in FreeIPA project:
We store configuration directly in the database.

The database backend supports asynchronous notification mechanism so all 
interested parties get notification almost immediately after the change.

Petr^2 Spacek

More information about the Opendnssec-user mailing list