Hi Rick,

Yes, no, yes, almost.

> The commands sent through ods-signer are not documented, right?  So, did
> I guess this correctly?

Sparsely indeed:
https://wiki.opendnssec.org/display/DOCS/Command+Utilities#CommandUtilities-ods-signer

> ods-signer update <zone>
> 
>   notifies the ods-signerd of a (possibly) updated .signconf file, and
> requests it to implement the ramifications of the new zone configuration

yes

> ods-signer clear <zone>
> 
>   notifies the ods-signerd that a zone should be removed from the queue,
> presumably because it has been taken out of the zonelist.xml which the
> ods-signerd does not monitor

No. It will actually clear all files related to the zone. So the next
time it is signed, it will be a complete re-sign and no previous
signatures will be used.

> ods-signer sign <zone>
> 
>   requests that ods-signerd signs the zone right now, and bumps the SOA
> serial in the process

yes

> I would imagine that the ods-enforcerd uses these commands because it
> seems to need to make such notifications.

I haven't checked the code, but I think the signer basically only calls
update <zone>.

//Yuri


_______________________________________________
Opendnssec-user mailing list
Opendnssec-user@lists.opendnssec.org
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
