[Opendnssec-user] ods-signer commands

Yuri Schaeffer yuri at nlnetlabs.nl
Thu Jul 6 16:00:43 UTC 2017

Hi Rick,

Yes, no, yes, almost.

> The commands sent through ods-signer are not documented, right?  So, did
> I guess this correctly?

Sparsely indeed:

> ods-signer update <zone>
>   notifies the ods-signerd of a (possibly) updated .signconf file, and
> request it to implement the ramifications of the new zone configuration


> ods-signer clear <zone>
>   notifies the ods-signerd that a zone should be removed from the queue,
> presumably because it has been taken out of the zonelist.xml which the
> ods-signerd does not monitor

No. It will actually clear all files related to the zone. So Next time
it will be signed it will be a complete resign and no previous
signatures will be used.

> ods-signer sign <zone>
>   requests that ods-signerd signs the zone right now, and bumps the SOA
> serial in the process


> I would imagine that the ods-enforcerd uses these commands because it
> seems to need to make such notifications.

I haven't checked the code but I think the signer basically only calls
update <zone>


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: OpenPGP digital signature
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20170706/763a372b/attachment.bin>

More information about the Opendnssec-user mailing list