[Dnssec-trigger] bugfixes and new features
psimerda at redhat.com
Mon Jan 26 20:29:42 UTC 2015
----- Original Message -----
> From: "W.C.A. Wijngaards" <wouter at nlnetlabs.nl>
> To: "Pavel Simerda" <psimerda at redhat.com>, dnssec-trigger at nlnetlabs.nl
> Cc: "Tomas Hozza" <thozza at redhat.com>, "P J P" <pjp at fedoraproject.org>
> Sent: Monday, January 26, 2015 4:20:47 PM
> Subject: Re: bugfixes and new features
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
> Hi Pavel,
> On 26/01/15 12:17, Pavel Simerda wrote:
> > Hi,
> > I have new patches for dnssec-trigger: two bugfixes, three
> > cleanups, three features.
> Thanks. Are you sure that reverse 1918 entries do not get stuck in
> this set up, because I see the script leaves them as-is when they are
> encountered, this does not make them 'once entered never go away'?
as far as I know, it adds them to the list of installed zones. They are
installed and they are kept as long as dnssec-triggerd.service is running
but they should be cleaned up as soon as dnssec-triggerd.service is stopped
and dnssec-trigger-script --cleanup is run.
Also if they are already configured before dnssec-triggerd.service is started,
dnssec-trigger-script leaves them alone and never touches them. That is
consistent with its behavior towards all other forward zones that are
configured by other means than from dnssec-trigger-script.
It follows the principle that custom unbound configuration takes precedence
over the dynamic one, so dnssec-trigger doesn't step in the administrator's
Does that answer your question?
> Best regards,
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
> -----END PGP SIGNATURE-----
More information about the dnssec-trigger