[Opendnssec-user] addns.xml update deletes all domains

Yuri Schaeffer yuri at nlnetlabs.nl
Fri Sep 16 13:10:00 UTC 2016

Hi David,

Thanks for your report!

> I’ve added zone 2 and 3. I updated a TSIG key for domain 2 and then
> updated the enforcer and it deleted all my domains?

Well this is a bit embarrassing... Since 2.0 we declared the database
leading over the zonelist.xml for the configured zones. But to provide
backwards compatibility we still allow updating the zones via the
zonelist.xml like before.

> Usage:
> zonelist import
>         [--remove-missing-zones]                aka -r
>         [--file <absolute path>]                aka -f
> Help:
> Import zones from zonelist.xml into enforcer database.
> Options:
> remove-missing-zones    Remove any zones from database not existed in zonelist file
> file                    File to import, instead of zonelist file configured in conf.xml

As you can see we made the default not to remove zones that are no
longer in the XML. However, 'update all' never included the
please-shoot-me-in-the-foot option, and instead defaults to foot shooting.

> Usage:
> update all
> Help:
> Perform policy import, update zonelist, and update repositorylist.

I understand this violates the least surprises rule and think we need to
improve this soon.
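
The failure mode described above, as an added example that is not part of the original message or of OpenDNSSEC itself: a pre-flight check that lists the zones the enforcer database holds but that are absent from the zonelist.xml about to be imported, which is the set a remove-missing import would delete. The `<ZoneList>`/`<Zone name="...">` layout, the sample data and all function names are assumptions made for this illustration; the database zone names are passed in as a plain list, however the operator obtains them.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the zonelist.xml about to be imported (assumed layout).
SAMPLE_ZONELIST = """<ZoneList>
  <Zone name="zone2.example">
    <Policy>default</Policy>
  </Zone>
</ZoneList>
"""

# Constructed sample: zone names currently held in the enforcer database.
SAMPLE_DB_ZONES = ["zone1.example", "zone2.example.", "Zone3.Example"]


def normalize(name):
    """DNS names compare case-insensitively; ignore one trailing root dot."""
    name = name.strip().lower()
    return name[:-1] if name.endswith(".") and len(name) > 1 else name


def zones_in_zonelist(xml_text):
    """Return the normalized zone names declared in a zonelist document."""
    root = ET.fromstring(xml_text)
    if root.tag != "ZoneList":
        raise ValueError("not a zonelist document: root is <%s>" % root.tag)
    names = set()
    for zone in root.iter("Zone"):
        name = zone.get("name")
        if not name:
            raise ValueError("<Zone> element without a name attribute")
        names.add(normalize(name))
    return names


def zones_at_risk(db_zones, xml_text):
    """Zones in the database but missing from the file, sorted."""
    listed = zones_in_zonelist(xml_text)
    return sorted({normalize(z) for z in db_zones} - listed)


def safe_to_update(db_zones, xml_text):
    """True only when importing the file would drop no existing zone."""
    return not zones_at_risk(db_zones, xml_text)


if __name__ == "__main__":
    for zone in zones_at_risk(SAMPLE_DB_ZONES, SAMPLE_ZONELIST):
        print("would be removed:", zone)
```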

