[Opendnssec-user] ods-signer commands
Yuri Schaeffer
yuri at nlnetlabs.nl
Thu Jul 6 16:00:43 UTC 2017
Hi Rick,
Yes, no, yes, almost.
> The commands sent through ods-signer are not documented, right? So, did
> I guess this correctly?
Sparsely indeed:
https://wiki.opendnssec.org/display/DOCS/Command+Utilities#CommandUtilities-ods-signer
> ods-signer update <zone>
>
> notifies the ods-signerd of a (possibly) updated .signconf file, and
> request it to implement the ramifications of the new zone configuration
yes
> ods-signer clear <zone>
>
> notifies the ods-signerd that a zone should be removed from the queue,
> presumably because it has been taken out of the zonelist.xml which the
> ods-signerd does not monitor
No. It will actually clear all files related to the zone. So Next time
it will be signed it will be a complete resign and no previous
signatures will be used.
> ods-signer sign <zone>
>
> requests that ods-signerd signs the zone right now, and bumps the SOA
> serial in the process
yes
> I would imagine that the ods-enforcerd uses these commands because it
> seems to need to make such notifications.
I haven't checked the code but I think the signer basically only calls
update <zone>
//Yuri
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: OpenPGP digital signature
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20170706/763a372b/attachment.bin>
More information about the Opendnssec-user
mailing list