This section describes common Zone Management activities in OpenDNSSEC.

The details of the command utilities shown below can be found here.

Adding / Removing zones

Zones can be added and removed at will. If the optional parameters are omitted, the zone is assigned the default policy and 'File' adaptors (input/output type) are assumed for both input and output, with the unsigned and signed zone files located in the {prefix}/var/opendnssec/ subdirectories. More details on the zone add command can be found here: ods-ksmutil zone add

Code Block
ods-ksmutil zone add --zone example.com \
    [--policy <policy>] [--signerconf <signerconf.xml>] \
    [--input <input>] [--in-type <input type>] \
    [--output <output>] [--out-type <output type>]
ods-ksmutil zone delete --zone example.com

On success the command reports a message like:

Code Block
zonelist filename set to /etc/opendnssec/zonelist.xml.
SQLite database set to: /var/opendnssec/kasp.db
Imported zone: example.com
Note

Running this command thousands of times can be slow, because every invocation also rewrites zonelist.xml. Use --no-xml to suppress that, then export the zonelist once you are finished:

Code Block
ods-ksmutil zonelist export > zonelist.xml

Alternatively, you can edit zonelist.xml by hand and then run:

Code Block
ods-ksmutil update zonelist
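A way to script the manual-edit path above, as an added example (not OpenDNSSEC's own tooling): it appends File-adaptor zone entries to an existing zonelist.xml, skipping duplicates and malformed names so that a typo never ends up in the list. It assumes the OpenDNSSEC 1.x zonelist layout (ZoneList / Zone / Policy / SignerConfiguration / Adapters) and the default /var/opendnssec paths; run ods-ksmutil update zonelist afterwards.

```python
"""Append zones to an OpenDNSSEC zonelist.xml (added example, not OpenDNSSEC's
own tooling). Assumed layout: ZoneList > Zone[name] > Policy,
SignerConfiguration, Adapters/Input/File, Adapters/Output/File."""
import re
import xml.etree.ElementTree as ET

PREFIX = "/var/opendnssec"  # assumed default {prefix}/var/opendnssec
# Conservative hostname check: labels of letters, digits and inner hyphens.
ZONE_RE = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$")


def zone_element(name, policy="default"):
    """Build one <Zone> entry using File adaptors in the default paths."""
    zone = ET.Element("Zone", name=name)
    ET.SubElement(zone, "Policy").text = policy
    ET.SubElement(zone, "SignerConfiguration").text = f"{PREFIX}/signconf/{name}.xml"
    adapters = ET.SubElement(zone, "Adapters")
    ET.SubElement(ET.SubElement(adapters, "Input"), "File").text = f"{PREFIX}/unsigned/{name}"
    ET.SubElement(ET.SubElement(adapters, "Output"), "File").text = f"{PREFIX}/signed/{name}"
    return zone


def add_zones(zonelist_xml, names, policy="default"):
    """Return (new xml text, added names, skipped inputs). Existing entries are
    left untouched; duplicates and malformed names are skipped, not written."""
    root = ET.fromstring(zonelist_xml)
    if root.tag != "ZoneList":
        raise ValueError("not a zonelist.xml document")
    existing = {z.get("name", "").rstrip(".").lower() for z in root.findall("Zone")}
    added, skipped = [], []
    for raw in names:
        name = raw.strip().rstrip(".").lower()  # normalise trailing dot and case
        if not name or not ZONE_RE.match(name) or name in existing:
            skipped.append(raw)
            continue
        root.append(zone_element(name, policy))
        existing.add(name)
        added.append(name)
    return ET.tostring(root, encoding="unicode"), added, skipped


if __name__ == "__main__":
    # Constructed sample input: one existing zone plus a batch to add.
    sample = '<ZoneList><Zone name="example.com"><Policy>default</Policy></Zone></ZoneList>'
    out, added, skipped = add_zones(sample, ["example.net", "example.com", "bad zone", "example.org."])
    print(out)
    print("added:", added, "skipped:", skipped)
```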

After zones are added, they will show up in your logs as follows:

Code Block
ods-enforcerd: Zone example.com found.
ods-enforcerd: Policy for example.com set to default.
ods-enforcerd: Config will be output to /var/opendnssec/signconf/example.com.xml.

The latter file contains the signer settings that were applied to the zone at the time it was added.

Updating an unsigned zone

Tip

When you change the content of an unsigned zone, you must tell the signer engine to re-read the unsigned zone file with the ods-signer command:

Code Block
ods-signer sign example.com

This also schedules the zone for immediate re-signing.