[Opendnssec-user] Timing/triggers for ODS2 Enforcer's <DelegationSignerSubmitCommand> & <DelegationSignerRetractCommand> ?

PGNet Dev pgnet.dev at gmail.com
Fri Jan 27 19:29:51 UTC 2017


I see others on other threads are asking re: timing/triggers for 1.4.

Lets try this again for 2.x ...

On 01/20/2017 05:24 AM, PGNet Dev wrote:
> In ODS 2.1.x, I'm working on full DS-record automation using APIs for different registrars.
>
> Within conf.xml, the two options for triggering scripts are
>
> 	<DelegationSignerSubmitCommand>
> 	<DelegationSignerRetractCommand>
>
> What are the specific prerequisites & timing for these to be called?
>
> Reading
>
> 	https://www.opendnssec.org/documentation/using-opendnssec/
>
> 		"Configure the <DelegationSignerSubmitCommand> if you want to have a program/script receiving the new KSK during a key rollover. This will make it possible to create a fully automatic KSK rollover, where OpenDNSSEC feed your program/script on stdin with the current set of DNSKEYs that we want to have in the parent as DS RRs. There are two examples available: an eppclient and a simple mail script. Remember that the ods-ksmutil key ds-seen must be given in order to complete the rollover. This should only be done when the new DS RRs are available on the parents public nameservers."
>
> it's unclear.
>
> Is ODS enforcer polling for a specific trigger to fire each script?
>
> Or do we need to add polling of some sort in the scripts themselves?
>




More information about the Opendnssec-user mailing list