[Opendnssec-user] Timing/triggers for ODS2 Enforcer's <DelegationSignerSubmitCommand> & <DelegationSignerRetractCommand> ?

pgndev pgnet.dev at gmail.com
Thu Feb 2 00:02:25 UTC 2017


On 02/01/2017 12:23 AM, Yuri Schaeffer wrote:
>> Is ODS enforcer polling for a specific trigger to fire each script?
>
> It decides based on its internal state. When a KSK is ready to be
> submitted to the parent the <DelegationSignerSubmitCommand> script
> will run. After that it waits for an external signal (ds-ssen). Given
> by either the operator of a script.
>
>> Or do we need to add polling of some sort in the scripts themselves?
>
> OpenDNSSEC does not poll the parent nameservers to see that DS
> availability. So if you fully want to automate a rollover you will need
> to do some polling yourself before you call ds-ssen.
>

That's helpful.

And what are the trigger conditions / different usage for

<DelegationSignerRetractCommand>

?

Is it triggered automatically based on internal state as well? Which?

Or does it fire on a manually executed cmd line trigger?

Understood that 'more automation' will come later -- clearer
documentation of the current state of triggers & timing, and general
usage in an automated process, even if/as it's DIY for now, would be
helpful.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20170201/47e7c3c7/attachment.htm>


More information about the Opendnssec-user mailing list