  1. OpenDNSSEC
  2. OPENDNSSEC-314

Bootstrap ODS from signed zone

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: future
    • Component/s: None
    • Labels:
      None

      Description

      Feature proposal:
      Bootstrap ODS with tuple (kasp.xml, HSM, signed zonefile).

      That is, without the enforcer state database. This could be used for:

      • recovery when the database is corrupt,
      • migration between ODS versions or other signing software.

      Migration this way is more future-proof than exporting databases. Zonefiles are very well defined.

      Hurdles:

      • Enforcer needs to parse zonefile
      • Match DNSKEYs to HSM keys
      • When in rollover, figure out towards which key
      • Assume everything rumoured, wait extra safety margin (i.e. a TTL)
      • Ask user for state of DS
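
An added sketch of the first two hurdles (not part of the original issue and not OpenDNSSEC code): it pulls DNSKEY records out of a signed zone, computes each RFC 4034 key tag, and matches the public keys against an HSM inventory. The zone text, the dummy key bytes, the `hsm-key-*` labels and the assumption that the HSM export already holds each public key in DNSKEY wire form are all constructed for illustration; only single-line records with explicit owner, TTL and class are handled.

```python
import base64
import struct

# Constructed sample data: dummy bytes stand in for real public key material.
KSK_PUB = bytes(range(1, 69))
ZSK_PUB = bytes(range(100, 168))
ORPHAN_PUB = bytes(range(30, 98))   # published in the zone, absent from the HSM

def _b64(raw):
    return base64.b64encode(raw).decode()

ZONE = f"""
example.com. 3600 IN DNSKEY 257 3 8 {_b64(KSK_PUB)} ; constructed KSK
example.com. 3600 IN DNSKEY 256 3 8 {_b64(ZSK_PUB)}
example.com. 3600 IN DNSKEY 256 3 8 {_b64(ORPHAN_PUB)}
example.com. 3600 IN A 192.0.2.1
"""

# Hypothetical HSM inventory: label -> public key in DNSKEY wire form.
HSM_KEYS = {"hsm-key-a": KSK_PUB, "hsm-key-b": ZSK_PUB}

def key_tag(flags, proto, alg, pub):
    """Key tag per RFC 4034 Appendix B, computed over the DNSKEY RDATA."""
    rdata = struct.pack("!HBB", flags, proto, alg) + pub
    acc = sum(b if i & 1 else b << 8 for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def parse_dnskeys(zone_text):
    """Yield (ttl, flags, proto, alg, pubkey) for each single-line DNSKEY RR."""
    for line in zone_text.splitlines():
        f = line.split(";")[0].split()          # drop trailing comments
        if len(f) >= 8 and f[2].upper() == "IN" and f[3].upper() == "DNSKEY":
            pub = base64.b64decode("".join(f[7:]))
            yield int(f[1]), int(f[4]), int(f[5]), int(f[6]), pub

def match_to_hsm(zone_text, hsm_keys):
    """Pair every published DNSKEY with its HSM label (None if not found)."""
    by_pub = {pub: label for label, pub in hsm_keys.items()}
    matches = []
    for ttl, flags, proto, alg, pub in parse_dnskeys(zone_text):
        matches.append({
            "tag": key_tag(flags, proto, alg, pub),
            "role": "KSK" if flags & 1 else "ZSK",   # SEP bit set means KSK
            "ttl": ttl,                              # input for the safety margin
            "hsm_label": by_pub.get(pub),            # None: cannot sign with it
        })
    return matches
```

A DNSKEY whose `hsm_label` is `None` is published but cannot be used for signing from this HSM, which is the case a bootstrap would have to report rather than guess at.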

            People

            Assignee:
            yuri Yuri Schaeffer
            Reporter:
            yuri Yuri Schaeffer
            Votes:
            0
            Watchers:
            2
