[Opendnssec-user] enforcer hooks

Petr Spacek pspacek at redhat.com
Fri May 16 16:01:35 UTC 2014


Hello,

I'm looking into OpenDNSSEC v 1.4.5 configuration files and I can't see any 
hooks for user scripts in Enforcer's configuration.

I would like to run my own script every time a new key is generated or 
an existing key is deleted (or even better - after any state change).

What mechanism would you recommend for this purpose?

Should I watch SoftHSM/OpenDNSSEC database files and re-read them after every 
change? It seems very inefficient and error-prone (think about race conditions 
...).

I think that the (theoretical) hook should be called with parameters 
equivalent to output from "ods-ksmutil key list -v" for every changed key.

Would it be possible to add those hooks?

Thank you for your time.

-- 
Petr Spacek  @  Red Hat


