Hi, I'm new to OpenDNSSEC and despite reading through the documentation I am a little unclear as to the working of OpenDNSSEC. From presentations I have been to, I imagined that it worked like this:
* OpenDNSSEC listens for NOTIFY messages from a Master DNS Server
* OpenDNSSEC AXFR zone transfers from Master (on NOTIFY)
* OpenDNSSEC signs, then audits zones
* OpenDNSSEC NOTIFYs slaves
* Slave DNS Servers AXFR from OpenDNSSEC
------------------                  ------------------                  ------------------
|   Master DNS   | === NOTIFY ===>  |   OpenDNSSEC   | === NOTIFY ===>  |   Slave DNS    |
------------------                  ------------------                  ------------------
                                            |
                                            |
                                            +---> SIGN
However, from reading the documentation it seems like OpenDNSSEC doesn't do the
final two steps (sending NOTIFY messages and answering AXFR for requesting slaves).
It seems like you need to run a DNS server on the same box as OpenDNSSEC; ODS then
triggers the reloading of that DNS server once it has signed the zone:
conf.xml

<Signer>
    <!--
    <Privileges>
        <User>opendnssec</User>
        <Group>opendnssec</Group>
    </Privileges>
    -->
    <WorkingDirectory>/var/lib/opendnssec/tmp</WorkingDirectory>
    <WorkerThreads>3</WorkerThreads>
    <!-- the <NotifyCommand> will expand the following variables:
         %zone      the name of the zone that was signed
         %zonefile  the filename of the signed zone
    -->
    <!--
    <NotifyCommand>/usr/local/bin/my_nameserver_reload_command</NotifyCommand>
    -->
    <!--
    <NotifyCommand>/usr/sbin/rndc reload %zone</NotifyCommand>
    -->
</Signer>
Can anyone help me out?
Thanks
Scott
_______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
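The conf.xml fragment quoted in the post shows OpenDNSSEC handing the signed zone to a local name server through <NotifyCommand>, which is expanded with %zone and %zonefile. Rather than calling rndc directly, a practitioner usually points <NotifyCommand> at a small wrapper that sanity-checks what the signer produced before the name server reloads it. The script below is an added example written for this page, not code from the original post or from the OpenDNSSEC project. The script name ods-notify.sh, the RNDC override variable and the three helper functions are assumptions; the config line to wire it in would be <NotifyCommand>/usr/local/bin/ods-notify.sh %zone %zonefile</NotifyCommand>.

```shell
#!/bin/sh
# ods-notify.sh  (hypothetical wrapper for OpenDNSSEC's <NotifyCommand>)
#
# conf.xml:
#   <NotifyCommand>/usr/local/bin/ods-notify.sh %zone %zonefile</NotifyCommand>
#
# OpenDNSSEC invokes it as:  ods-notify.sh <zone> <signed-zonefile>
# It refuses to reload unless the zone name is sane and the file the signer
# wrote actually carries RRSIG records, then calls "rndc reload <zone>" so the
# co-located BIND instance picks up the signed data and NOTIFYs its slaves.

# Path to rndc; overridable so the script can be exercised with a stub.
RNDC="${RNDC:-/usr/sbin/rndc}"

# valid_zone_name NAME
# Returns 0 if NAME is a hostname-style DNS zone name (letters, digits and
# hyphens in each label, optional trailing dot). Labels with underscores and
# the root zone "." are deliberately rejected by this check.
valid_zone_name() {
    printf '%s' "$1" |
        grep -Eq '^([A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?\.)*[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?\.?$'
}

# zonefile_is_signed FILE
# Returns 0 if FILE is non-empty and contains at least one RRSIG record
# outside a comment, i.e. the signer really produced a signed zone.
zonefile_is_signed() {
    [ -s "$1" ] && grep -Eq '^[^;]*[[:space:]]RRSIG[[:space:]]' "$1"
}

# notify_zone ZONE ZONEFILE
# Exit status: 0 on reload, 2 for a bad zone name, 3 for a missing/unsigned
# zonefile, otherwise whatever rndc returned.
notify_zone() {
    zone=$1
    zonefile=$2
    valid_zone_name "$zone" || {
        echo "ods-notify: refusing to reload, bad zone name: $zone" >&2
        return 2
    }
    zonefile_is_signed "$zonefile" || {
        echo "ods-notify: refusing to reload, zonefile missing or unsigned: $zonefile" >&2
        return 3
    }
    "$RNDC" reload "$zone"
}

# Only act when invoked by the signer with exactly the two expanded arguments.
case "$#" in
    2) notify_zone "$1" "$2" ;;
esac
```

The RRSIG check is the useful one: if signing failed half-way or the signer wrote an empty file, this keeps the name server from serving an unsigned zone under a DS record that validators will then reject. The zone-name check is cheap hygiene because %zone ends up on a command line.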
