[Opendnssec-user] addns.xml update deletes all domains

David Peall david at dnservices.co.za
Fri Sep 16 13:35:17 UTC 2016


Hi

So my understanding is that for the time being I’m going to have to run the following after adding or removing a zone.
ods-enforcer zonelist export

To avoid any foot-shootery?

Regards
—
David Peall

> On 16 Sep 2016, at 3:10 PM, Yuri Schaeffer <yuri at nlnetlabs.nl> wrote:
> 
> Hi David,
> 
> Thanks for your report!
> 
>> I added zone 2 and 3.  I updated a TSIG key for domain 2 and then
>> updated the enforcer and it deleted all my domains?
> 
> Well this is a bit embarrassing... Since 2.0 we declared the database
> leading over the zonelist.xml for the configured zones. But to provide
> backwards compatibility we still allow updating the zones via the
> zonelist.xml like before.
> 
>> Usage:
>> zonelist import
>>        [--remove-missing-zones]                aka -r
>>        [--file <absolute path>]                aka -f
>> 
>> Help:
>> Import zones from zonelist.xml into enforcer database.
>> 
>> Options:
>> remove-missing-zones    Remove any zones from database not existed in zonelist file
>> file                    File to import, instead of zonelist file configured in conf.xml
> 
> As you can see we made the default not to remove zones that are no
> longer in the XML. However 'update all' never included the
> please-shoot-me-in-the-foot option. And instead defaults to foot shooting.
> 
>> Usage:
>> update all
>> 
>> Help:
>> Perform policy import, update zonelist, and update repositorylist.
> 
> I understand this violates the least surprises rule and think we need to
> improve this soon.
> 
> Regards,
> Yuri
> 
> _______________________________________________
> Opendnssec-user mailing list
> Opendnssec-user at lists.opendnssec.org
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
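
A pre-flight check for the hazard discussed in this thread, as an added example that is not part of the original messages and is not OpenDNSSEC code: it compares the zones known to the database (taken from a zonelist export) with the zonelist.xml that 'update all' would import, and blocks when zones would be removed. The function names and sample documents are constructed; it assumes the exported file reflects the database and that zones appear as `<Zone name="...">` elements with a `<Policy>` child.

```python
import xml.etree.ElementTree as ET

# Constructed sample: zonelist as exported from the enforcer database.
EXPORTED = """<ZoneList>
  <Zone name="zone1.example"><Policy>default</Policy></Zone>
  <Zone name="zone2.example"><Policy>default</Policy></Zone>
  <Zone name="zone3.example"><Policy>default</Policy></Zone>
</ZoneList>"""

# Constructed sample: stale zonelist.xml on disk that 'update all' would import.
ON_DISK = """<ZoneList>
  <Zone name="zone1.example"><Policy>lab</Policy></Zone>
</ZoneList>"""


def load_zones(xml_text):
    """Return {zone name: policy} from a zonelist document."""
    zones = {}
    for zone in ET.fromstring(xml_text).iter("Zone"):
        # Names are compared exactly (assumption: no case or dot folding),
        # so any spelling difference is reported rather than hidden.
        name = (zone.get("name") or "").strip()
        if not name:
            raise ValueError("Zone element without a name attribute")
        if name in zones:
            raise ValueError(f"duplicate zone in zonelist: {name}")
        zones[name] = (zone.findtext("Policy") or "").strip()
    return zones


def preflight(db_xml, file_xml):
    """Compare database state with the file about to be imported."""
    db, new = load_zones(db_xml), load_zones(file_xml)
    common = db.keys() & new.keys()
    return {
        "removed": sorted(db.keys() - new.keys()),
        "added": sorted(new.keys() - db.keys()),
        "policy_changed": sorted(z for z in common if db[z] != new[z]),
    }


def safe_to_update(report):
    """Block the update whenever a zone would disappear from the database."""
    return not report["removed"]


if __name__ == "__main__":
    report = preflight(EXPORTED, ON_DISK)
    print(report, "safe" if safe_to_update(report) else "BLOCKED")
```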


