On 18/11/11 09:26, Casper Gielen wrote:
> Hello,
> I just discovered that there are a number of old policies in the database that
> are no longer in kasp.xml:
>
> # grep name /etc/opendnssec/kasp.xml
> <Policy name="uvtonly">
> <Policy name="fulldnssec">
> <Policy name="testshort">
>
> # ods-ksmutil policy list
> Policies:
> Name: Description:
> default A default ...
> fulldnssec Policy voor ....
> nostandby Policy without...
> nostandbykeys Policy without...
> testshort Test policy for ....
> uvtonly Zones that ...

Yes, although unused policies are largely ignored (they will generate
the odd line in the log file) they will not automatically be deleted
from the database.

There is a command:

    ods-ksmutil policy purge

which removes policies that have no zones on them. Two things to note
though...

1) This function is described as experimental as it doesn't get regular
use, so I would strongly advise backing up your database and kasp.xml
before running it.

2) It might rely on kasp.xml matching the database, so you may need to
add at least:

    <Policy name="default"></Policy>

for it to work.

Sion
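
Added example (not part of the original messages and not OpenDNSSEC code): a small Python check that lists which policies exist in the database but not in kasp.xml, so the difference can be reviewed before `ods-ksmutil policy purge` is run. The sample inputs are constructed from the output quoted in the thread, and the parser assumes the `policy list` layout shown there (a `Name:` header row, then one policy per line).

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs, modelled on the output quoted in the thread.
KASP_XML = """<KASP>
  <Policy name="uvtonly"></Policy>
  <Policy name="fulldnssec"></Policy>
  <Policy name="testshort"></Policy>
</KASP>"""

POLICY_LIST = """Policies:
Name:            Description:
default          A default ...
fulldnssec       Policy voor ....
nostandby        Policy without...
nostandbykeys    Policy without...
testshort        Test policy for ....
uvtonly          Zones that ...
"""

def kasp_policies(xml_text):
    """Return the set of policy names declared in kasp.xml."""
    root = ET.fromstring(xml_text)
    return {p.get("name") for p in root.iter("Policy") if p.get("name")}

def db_policies(list_output):
    """Return policy names from `ods-ksmutil policy list` output.

    Assumption: rows follow a 'Name:' header and the policy name is the
    first whitespace-delimited field on each row.
    """
    names, in_table = set(), False
    for line in list_output.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0] == "Name:":
            in_table = True
        elif in_table:
            names.add(fields[0])
    return names

def compare(xml_text, list_output):
    """Return (database-only names, kasp.xml-only names), both sorted."""
    xml_names, db_names = kasp_policies(xml_text), db_policies(list_output)
    return sorted(db_names - xml_names), sorted(xml_names - db_names)

if __name__ == "__main__":
    db_only, xml_only = compare(KASP_XML, POLICY_LIST)
    print("In database but not in kasp.xml:", ", ".join(db_only) or "none")
    print("In kasp.xml but not in database:", ", ".join(xml_only) or "none")
```

In real use, feed `compare()` the contents of /etc/opendnssec/kasp.xml and the captured output of `ods-ksmutil policy list` in place of the constructed samples.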