[Opendnssec-user] Timing/triggers for ODS2 Enforcer's <DelegationSignerSubmitCommand> & <DelegationSignerRetractCommand> ?
pgnet.dev at gmail.com
Fri Jan 27 19:29:51 UTC 2017
I see others on other threads are asking re: timing/triggers for 1.4.
Lets try this again for 2.x ...
On 01/20/2017 05:24 AM, PGNet Dev wrote:
> In ODS 2.1.x, I'm working on full DS-record automation using APIs for different registrars.
> Within conf.xml, the two options for triggering scripts are
> What are the specific prerequisites & timing for these to be called?
> "Configure the <DelegationSignerSubmitCommand> if you want to have a program/script receiving the new KSK during a key rollover. This will make it possible to create a fully automatic KSK rollover, where OpenDNSSEC feed your program/script on stdin with the current set of DNSKEYs that we want to have in the parent as DS RRs. There are two examples available: an eppclient and a simple mail script. Remember that the ods-ksmutil key ds-seen must be given in order to complete the rollover. This should only be done when the new DS RRs are available on the parents public nameservers."
> it's unclear.
> Is ODS enforcer polling for a specific trigger to fire each script?
> Or do we need to add polling of some sort in the scripts themselves?
More information about the Opendnssec-user