Hi,

On 08/29/2013 03:03 PM, Patrik Wallström wrote:
>
> On Aug 29, 2013, at 2:41 PM, Harald A. Irmer <[email protected]> wrote:
>
>> Hi Ondřej,
>>
>> thanks a lot!
>>
>> On 29.08.2013 14:22, Ondřej Caletka wrote:
>>> Hi Harald,
>>>
>>> On 29.8.2013 13:56, Harald A. Irmer wrote:
>>>> Our unsigned zones change every 5 minutes - maybe I can defer changes up
>>>> to every 15 minutes - are the signed zones then produced accordingly
>>>> _automatically_?
>>> After update of an unsigned zone, call 'ods-signer sign <zone>'
>>> everything else is automatic.
>> I would be very pleased if I had not to sit there watching when a
>> unsigned zone is updated because some admin has made a change maybe at
>> 7am in the morning or 22pm or on Sundays. And then me enter 'ods-signer
>> sign <zone>' Haha! Is there any hope that unsigned zone changes will be
>> recognized maybe via BIND notify messages and signing be done
>> automatically? VERY important for me.
>
> You can automate this with either a Makefile or by using a hook in your
> version control system (that you should probably use anyway).

If you configure OpenDNSSEC to be a zone transfer client, e.g. the
signer reads the unsigned zones by doing an AXFR or IXFR, then it will
also handle any NOTIFY packets the master sends after a zone update.
(You are going to need version 1.4 or higher).

If you let OpenDNSSEC work on unsigned zone files, you can follow
Patrik's advice.

Best regards,
  Matthijs

>
>
>
> _______________________________________________
> Opendnssec-user mailing list
> [email protected]
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
>
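
One way to wire up the version-control hook suggested in the thread for the unsigned-zone-file case, as an added example that is not part of the thread or of OpenDNSSEC. It assumes the zone files live in a Git repository as `zones/<zone>.zone` and that BIND's `named-checkzone` is installed; the function and variable names are hypothetical.

```shell
#!/bin/sh
# Added example: sign every unsigned zone whose file changed in a commit.
# Assumed layout (not from the thread): zones/<zone>.zone in the repository.
ZONE_DIR="${ZONE_DIR:-zones}"
ODS_SIGNER="${ODS_SIGNER:-ods-signer}"     # command named in the thread
CHECKZONE="${CHECKZONE:-named-checkzone}"  # BIND's zone file checker

# Map one changed path to a zone name; print nothing for unrelated paths.
zone_for_path() {
    case "$1" in
        "$ZONE_DIR"/*.zone) ;;
        *) return 0 ;;
    esac
    zone=${1#"$ZONE_DIR"/}
    zone=${zone%.zone}
    # Accept only hostname characters, so a crafted file name can never
    # reach the signer as an option, a nested path or shell syntax.
    case "$zone" in
        ''|-*|.*|*[!A-Za-z0-9._-]*) return 0 ;;
    esac
    printf '%s\n' "$zone"
}

# Read changed paths on stdin; check and sign each affected zone once.
# Returns non-zero if any zone failed the check or the signer call.
sign_changed_zones() {
    rc=0
    zones=$(while IFS= read -r path; do zone_for_path "$path"; done | sort -u)
    for zone in $zones; do
        # Do not hand a syntactically broken zone to the signer.
        if ! "$CHECKZONE" "$zone" "$ZONE_DIR/$zone.zone" >/dev/null; then
            echo "skipped (failed check): $zone" >&2
            rc=1
            continue
        fi
        "$ODS_SIGNER" sign "$zone" || rc=1
    done
    return $rc
}

# In a Git post-commit hook (assumption: zones are kept in Git):
#   git diff-tree --no-commit-id --name-only -r HEAD | sign_changed_zones
```

The hook user needs permission to run `ods-signer`; a zone that fails the check is left unsigned and reported on stderr, so the previously signed version stays in service.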
