> > I would like to know when a ZSK rollover takes place. In conf.xml, > > there is <NotifyCommand> for the signer, but I find no equivalent for > > key rollovers. (The only workaround seems to be a parsing of the > > syslog files.) > > There will be a "notify" for KSK for 1.1, but not ZSK. The receiving > command must accept the zone name and current set of KSKs that > OpenDNSSEC want to publish at the parent. > > What is your idea of ZSK rollover notification?
There is currently a configurable notify for KSK rollovers, the rolloverNotify tag. However all this does is send a message to syslog which the user is expected to look out for. (As I recall this is how all of our notifies are going to work, the NotifyCommand is an exception.) This mechanism can be extended to cover ZSK rollovers too. Sion _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
