[Opendnssec-user] addns.xml update deletes all domains
david at dnservices.co.za
Fri Sep 16 13:35:17 UTC 2016
So my understanding is that for the time being I’m going to have to run the following after adding or removing a zone.
ods-enforcer loneliest export
To avoid any foot-shootery?
> On 16 Sep 2016, at 3:10 PM, Yuri Schaeffer <yuri at nlnetlabs.nl> wrote:
> Hi David,
> Thanks for your report!
>> I’m added zone 2 and 3. I updated a TSIG key for domain 2 and then
>> updated the enforcer and it deleted all my domains?
> Well this is a bit embarrassing... Since 2.0 we declared the database
> leading over the zonelist.xml for the configured zones. But to provide
> backwards compatibility we still allow updating the zones via the
> zonelist.xml like before.
>> zonelist import
>> [--remove-missing-zones] aka -r
>> [--file <absolute path>] aka -f
>> Import zones from zonelist.xml into enforcer database.
>> remove-missing-zones Remove any zones from database not existed in zonelist file
>> file File to import, instead of zonelist file configured in conf.xml
> As you can see we made the default not to remove zones that are no
> longer in the XML. However 'update all' never included the
> please-shoot-me-in-the-foot option. And instead defaults to foot shooting.
>> update all
>> Perform policy import, update zonelist, and update repositorylist.
> I understand this violates the least surprises rule and think we need to
> improve this soon.
> Opendnssec-user mailing list
> Opendnssec-user at lists.opendnssec.org
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 4354 bytes
Desc: not available
More information about the Opendnssec-user