[Opendnssec-user] OpenDNSSEC 2.x roadmap - dynamic updates?

Klaus Darilion klaus.mailinglists at pernau.at
Tue Oct 7 07:44:07 UTC 2014

On 06.10.2014 19:15, Kevin Thompson wrote:
> Howdy all,
> I was reading the release plan[1], and I saw mentioned 'Signer - Dynamic
> updates'. Could you elaborate on that?
> Currently, the best method I've found for integrating ODS with a dynamic
> zone on one server is the CentralNIC pattern[2] - the unsigned zone is
> served by a master from a private view, injected into ODS by a DNS input
> adapter, signed file goes out, and finally the signed file is served
> statically by the master on a public view. This method works, but is a
> little cumbersome.
> I'm really hoping that what is meant by 'dynamic updates' is that ODS
> would take notifies to know when the dynamic zone is changed, would
> download the updates via IXFR, and then directly add/update/delete
> records as needed via dynamic updates. If so, this would be huge, since
> it would greatly ease integration of ODS into dynamic zones. I imagine
> the similarly mentioned "Database input and output adapter" would work
> the same way, but would directly update a database storing the zone.

I wouldn't call that "dynamic updates". This is a normal zone transfer,
using incremental zone transfer.

With dynamic updates, there is no NOTIFY with XFR, but the UPDATE is
pushed directly to the name server.


More information about the Opendnssec-user mailing list