Hi David,

Thanks for your report!

> I've added zone 2 and 3. I updated a TSIG key for domain 2 and then
> updated the enforcer and it deleted all my domains?

Well this is a bit embarrassing... Since 2.0 we declared the database
leading over the zonelist.xml for the configured zones. But to provide
backwards compatibility we still allow updating the zones via the
zonelist.xml like before.

> Usage:
> zonelist import
>         [--remove-missing-zones]                aka -r
>         [--file <absolute path>]                aka -f
> Help:
> Import zones from zonelist.xml into enforcer database.
> Options:
> remove-missing-zones    Remove any zones from database not existed in 
> zonelist file
> file                    File to import, instead of zonelist file configured 
> in conf.xml

As you can see we made the default not to remove zones that are no
longer in the XML. However, 'update all' never included the
please-shoot-me-in-the-foot option, and instead defaults to foot shooting.

> Usage:
> update all
> Help:
> Perform policy import, update zonelist, and update repositorylist.

I understand this violates the least surprises rule and think we need to
improve this soon.
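
A pre-flight check for the behaviour described above, as an added example that is not part of the original message or of OpenDNSSEC's own code: it lists the zones a zonelist.xml no longer mentions, which are the ones a removing import would drop. The function names and sample data are hypothetical, and it assumes the operator supplies the zone names currently held in the enforcer database.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a zonelist.xml that names only one zone.
SAMPLE_ZONELIST = """<ZoneList>
  <Zone name="Example.com.">
    <Policy>default</Policy>
  </Zone>
</ZoneList>
"""

# Constructed sample: zone names currently held in the enforcer database
# (assumption: gathered by the operator before running the update).
SAMPLE_DB_ZONES = ["example.com", "example.net", "example.org."]


def normalise(name):
    """DNS names compare case-insensitively; ignore a trailing root dot."""
    name = name.strip().lower()
    return name if name == "." else name.rstrip(".")


def zonelist_names(xml_text):
    """Return the set of zone names declared in a zonelist.xml document."""
    root = ET.fromstring(xml_text)
    if root.tag != "ZoneList":
        raise ValueError("not a zonelist: root element is %r" % root.tag)
    names = set()
    for zone in root.findall("Zone"):
        name = zone.get("name")
        if not name:
            raise ValueError("Zone element without a name attribute")
        names.add(normalise(name))
    return names


def zones_at_risk(xml_text, db_zones):
    """Zones in the database that the zonelist no longer mentions."""
    listed = zonelist_names(xml_text)
    return sorted({normalise(z) for z in db_zones} - listed)


if __name__ == "__main__":
    missing = zones_at_risk(SAMPLE_ZONELIST, SAMPLE_DB_ZONES)
    if missing:
        print("refusing to continue; these zones would be dropped:")
        for zone_name in missing:
            print("  " + zone_name)
        raise SystemExit(1)
    print("zonelist covers every database zone")
```

An empty result means the zonelist still covers every zone in the database, so an update that treats the file as authoritative removes nothing.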



Opendnssec-user mailing list
