On Thu, 7 Jul 2016, Yuri Schaeffer wrote:
Yes it was released. I'm working on putting it up on www.opendnssec.org. Everything should be sorted out during today.
Thanks! Looking at preparing a package update, I noticed a few things: A new directory /var/opendnssec/enforcer is needed? It tries chdir() in there and failed for me. If this is just a rundir with no other requirements, the better default location would be /var/run/ and it should either use /var/run/<packagename>/ or /var/run/<service name>. I also see this as a string in ods-signerd. It might just be that I haven't found the appropriate configure option to tweak these. Why isnt it using the already existing /var/run/opendnssec/ ? I also noticed /var/opendnssec/tmp got renamed to /var/opendnssec/signer in conf.xml. I am a little worried because this is specified in conf.xml but also seems hardcoded in ods-enforcerd if I run strings on ods-enforcerd. I haven't found yet where this gets configured or set during build, so this might be perfectly fine. And ods-signerd seems to want to bind to 0.0.0.0:53 for me, so on a combination DNS server + opendnssec server that is not using XFR (like my own nohats.ca setup), this will fail to start at all. I might need to disable that feature in our standard configuration file, and let users set it specifically to some IP if they want this. Possibly, a better default would have been something on loopback? Paul _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
