Hi, Today, I removed a zone, changed something one another one, and asked for the other one to be resigned, I was waiting for the changes to propagate, and as it was not happening fast enough for me, I went to have a look, and... It seems that removing a zone forces the signer to reread all the zones configurations. It seems quite a strange idea to do that to begin with, but now, with the number of zones I have (>1500) it takes ages, (a bit like the signer takes ages to launch,) so, I wonder, would it be possible to not do that as I don't really see the point for it. I don't know how the signer works internally, and how it stores the zones configuration, but there should be an easier when than rescanning all of them when you only want to remove one.
On another thought, many ods-ksmutil commands do HUP the enforcer, even some that really do not need to, like ds-seen, and as it takes about 4 minutes to go through all the zones when it has nothing to do, and more than one hour when it does a rollover on all zones, I was wondering if there could be a command line argument to ask not to HUP it, because, say, I'm doing something on more than one zone at a time, and I'd rather wait for all those to be done and notify the enforcer afterwards (or even wait for it to do its regular run) than having it forcefuly HUPed. -- Mathieu Arnold _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
