[Opendnssec-user] addns.xml update deletes all domains
yuri at nlnetlabs.nl
Fri Sep 16 13:10:00 UTC 2016
Thanks for your report!
> I added zones 2 and 3. I updated a TSIG key for domain 2 and then
> updated the enforcer and it deleted all my domains?
Well this is a bit embarrassing... Since 2.0 we declared the database
leading over the zonelist.xml for the configured zones. But to provide
backwards compatibility we still allow updating the zones via the
zonelist.xml like before.
> zonelist import
> [--remove-missing-zones] aka -r
> [--file <absolute path>] aka -f
> Import zones from zonelist.xml into enforcer database.
> remove-missing-zones Remove any zones from database not existed in zonelist file
> file File to import, instead of zonelist file configured in conf.xml
As you can see, we made the default not to remove zones that are no
longer in the XML. However, 'update all' never included the
please-shoot-me-in-the-foot option and instead defaults to foot shooting.
> update all
> Perform policy import, update zonelist, and update repositorylist.
I understand this violates the least surprises rule and think we need to
improve this soon.
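
A pre-flight check for the behaviour described in this message, as an added example that is not part of the original post and not OpenDNSSEC code: it compares the zones in a zonelist.xml with the zones the enforcer database currently holds and reports what an 'update all' would drop. It assumes the database zone names have been saved one per line (for instance, extracted from `ods-enforcer zone list`); the function names and sample data are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a zonelist.xml that only lists one of three zones.
SAMPLE_ZONELIST = """<ZoneList>
  <Zone name="Zone1.example.">
    <Policy>default</Policy>
  </Zone>
</ZoneList>"""

# Constructed sample: zone names currently in the enforcer database.
SAMPLE_DB_ZONES = "zone1.example\nzone2.example\nzone3.example\n"


def normalize(name):
    """DNS names compare case-insensitively; ignore a trailing root dot."""
    name = name.strip().lower()
    return name[:-1] if name.endswith(".") and name != "." else name


def zones_in_zonelist(xml_text):
    """Return the set of zone names declared in zonelist.xml content."""
    root = ET.fromstring(xml_text)  # raises ParseError on a truncated file
    if root.tag != "ZoneList":
        raise ValueError("root element is %r, expected ZoneList" % root.tag)
    names = set()
    for zone in root.iter("Zone"):
        name = zone.get("name")
        if not name:
            raise ValueError("Zone element without a name attribute")
        names.add(normalize(name))
    return names


def preflight(xml_text, db_listing):
    """Report zones that a removing import would drop from or add to the DB."""
    in_file = zones_in_zonelist(xml_text)
    in_db = {normalize(l) for l in db_listing.splitlines() if l.strip()}
    removed = sorted(in_db - in_file)
    return {
        "would_remove": removed,
        "would_add": sorted(in_file - in_db),
        # An empty or stale file would wipe every configured zone.
        "removes_everything": bool(in_db) and len(removed) == len(in_db),
    }


if __name__ == "__main__":
    report = preflight(SAMPLE_ZONELIST, SAMPLE_DB_ZONES)
    for key, value in report.items():
        print(key, value)
    if report["would_remove"]:
        raise SystemExit("zonelist.xml is missing zones; do not run 'update all'")
```
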