[Dnssec-trigger] bugfixes and new features

Pavel Simerda psimerda at redhat.com
Mon Jan 26 20:29:42 UTC 2015


----- Original Message -----
> From: "W.C.A. Wijngaards" <wouter at nlnetlabs.nl>
> To: "Pavel Simerda" <psimerda at redhat.com>, dnssec-trigger at nlnetlabs.nl
> Cc: "Tomas Hozza" <thozza at redhat.com>, "P J P" <pjp at fedoraproject.org>
> Sent: Monday, January 26, 2015 4:20:47 PM
> Subject: Re: bugfixes and new features
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
> 
> Hi Pavel,
> 
> On 26/01/15 12:17, Pavel Simerda wrote:
> > Hi,
> > 
> > I have new patches for dnssec-trigger: two bugfixes, three
> > cleanups, three features.
> 
> Thanks.  Are you sure that reverse 1918 entries do not get stuck in
> this set up, because I see the script leaves them as-is when they are
> encountered, this does not make them 'once entered never go away'?
> Committed.

Hi Wouter,

as far as I know, it adds them to the list of installed zones. They are
installed and they are kept as long as dnssec-triggerd.service is running
but they should be cleaned up as soon as dnssec-triggerd.service is stopped
and dnssec-trigger-script --cleanup is run.

Also if they are already configured before dnssec-triggerd.service is started,
dnssec-trigger-script leaves them alone and never touches them. That is
consistent with its behavior towards all other forward zones that are
configured by other means than from dnssec-trigger-script.

It follows the principle that custom unbound configuration takes precedence
over the dynamic one, so dnssec-trigger doesn't step in the administrator's
way.

Does that answer your question?

Cheers,

Pavel

> 
> Best regards,
>    Wouter
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
> 
> iQIcBAEBCAAGBQJUxltPAAoJEJ9vHC1+BF+N568P/ivNDUDzvClgE36jh4BS5MMC
> 833TWuokyQDQoCok6AupoDq7M8jtPd/Hgpey8uv3dDc1E8FICg/bmH7kMXP74BOk
> +SmAcSkwLTz8J6JBfgS6yFI7IypyA3QEGl+UKZpHPyPtLwjVmTB9s856GTs0/q7O
> 4HwBZ4FKsEWrLpeT/ouhAneLE90/+u7Mze/Bs0YIORU8S7MQiWCGs6jSGVLXVWKg
> ZtdWqmo2eo9BJqroifV7Ti+if674uDXpkvNN5/qWU0+zEGOv16ZdcC+ZXV1VIE1k
> bnYlvPzx2MfDkahc8KpVLnnCzcw4RqAblYHj9SMK+flhXrxOgJ0TXn7AaPmj/5b8
> n1ME1ygtbahsY8WqUmTHATRAmRVyLf0r8k1hwJa+zG0zfkcKhj2C5uwj9G3dmNqt
> O1UwUZgFmq0rGCvtuOAR1P5PsWNGPrOtD2tVH7DnvhNADPVxu31T+AGzsS3rjrz+
> WaYraa8VBW2ApZFL5E/FOuwQWKOWJJUx0aBOlAkwLDYZVdFJywm/Oltf+78Jxukj
> nRJVJx36ZmOmWtSG2aOQgr/t47z05jJmKW6Iuo4Xa3FyYz0yUiVX2sEEs8daKugU
> Vc0lKyXI5SiF3wYzIcEYeWGi5TT6G94wNtx6Uir5RBl+4pso1HEvNWKfNt2UtHQb
> 7+m+AJBFGg+Fg//aBHrC
> =X3sF
> -----END PGP SIGNATURE-----
> 



More information about the dnssec-trigger mailing list