OpenDNSSEC Documentation 1.3
OpenDNSSEC Project Wiki

Links

OpenDNSSEC Developer Wiki
OpenDNSSEC Documentation
SoftHSM Developer Wiki
SoftHSM Documentation

OpenDNSSEC Home

All Versions

OpenDNSSEC v2.0
OpenDNSSEC v1.4
OpenDNSSEC v1.3
OpenDNSSEC v1.2.0
OpenDNSSEC v1.1.1
OpenDNSSEC v1.1.0
OpenDNSSEC v1.0.0

 

Current location:

OpenDNSSEC Documentation v1.3

Child pages
  • Running OpenDNSSEC

Versions Compared

Old Version 4

changes.mady.by.user Sara Dickinson

Saved on

compared with

New Version Current

changes.mady.by.user Jerry Lundström

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
ods-ksmutil update conf

For most other changes to the conf.xml file it is advisable to stop and start OpenDNSSEC to ensure the changes are detected. 

kasp.xml

When you make changes to a policy or add a new policy in kasp.xml you must update the changes to the database.

...

zonelist.xml

If you add zones directly into the zonelist (rather than using the ods-ksmutil zone add command) you must tell the enforcer to re-read the zone list by using the command:

Code Block
ods-ksmutil update zonelist

 

Monitoring the system

  • The pids used by the enforcer and signer processes are reported in syslog on startup.
  • The command 'ods-signer running' will report the status of the signer process, or restart it if it is not running.
  • When the enforcer daemon has run and completed enforcing the zones is sends a message to the syslog containing the text "Sleeping for" reporting how long it will be until it next runs 
  • The signer produces a log containing the text "[STAT]" whenever a zone is successfully signed
  • A Nagios plugin is available to check signed zones: https://github.com/opendnssec/dnssec-monitor

Logging

Details of logs produced by the system can be found on the Logging page.