Hello, this is a little precautionary tale for anyone running OpenDNSSEC. tl;dr Don't make syntax errors in zonelist.xml
Today I added a new zone to opendnssec. We manage zonelist.xml by hand (it's stored in SVN). Unfortunately I made a typo and deleted one character (a '<') somewhere in the middle of the file. Unaware of the typo I loaded the broken zonelist.xml (with ods-ksmutil update all). OpenDNSSEC promptly informed me that it was unable to parse the zonefile. I found and my mistake and loaded the new file and didn't think about it anymore until 15 minutes later every alarm in our system went off. Every zone after my typo had been erased and was being recreated. Unfortunately I did not realize the source of the problem right away. With hindsight the correct solution would have been to recover the entire OpenDNSSEC from backup. Instead I uploaded the new keys to our registrar. feature request: Please check the configuration for syntax-errors before acting upon it. -- Casper Gielen <[email protected]> | LIS UNIX PGP fingerprint = 16BD 2C9F 8156 C242 F981 63B8 2214 083C F80E 4AF7 Universiteit van Tilburg | Postbus 90153, 5000 LE Warandelaan 2 | Telefoon 013 466 4100 | G 236 | http://www.uvt.nl _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
