Personally, the auditor was one of the biggest headaches I had when I started using OpenDNSSEC. In fact, my whole outlook on OpenDNSSEC changed when I disabled it altogether.
However, I believe it would be nice to have some form of OpenDNSSEC integrated zone checker. It should not be in the critical path of the signing process but, as Casper mentions, it should be a tool the admin can choose to run "out of band" so to speak. regards Carlos On 11/25/11 10:24 AM, Casper Gielen wrote: > On 17-11-11 14:39, Jakob Schlyter wrote: >> Greetings, >> >> Due to the inability to operate together with upcoming Signer Engine >> features like IXFR, we're considering removing the Auditor from future >> versions of OpenDNSSEC. Other reasons for this is that we believe that the >> Auditor has played is part in the OpenDNSSEC development process, it now >> often introduces more problems for our users than helping and there are now >> multiple alternative zone checkers available. >> >> We now solicit user input on this plan from users activly using the Auditor >> (as opposed to just using it since it is enabled by default). Please submit >> your comments to the OpenDNSSEC users list >> ([email protected]) no later than December 2nd. > I can't recall ever having seen a usefull, true positive from the auditor > so I wouldn't miss it*. In fact, I've recently disabled it all together to > make the signing process go faster. My environment expects near-instantaneous > DNS-updates. > > Instead I run the auditor from a nightly cron-job. It complains about a > decreased SOA serial on every zone but AFAIK that is unavoidable when > editting zones manually. > > * this is not a critique, it just shows that things work rather well > -- Carlos M. Martinez LACNIC I+D PGP KeyID 0xD51507A2 Phone: +598-2604-2222 ext. 4427 http://www.labs.lacnic.net/drupal/blog/3
<<attachment: carlos.vcf>>
_______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
