Rollerd
From DNSSEC-Tools Wiki
| DNSSEC-Tools Component | |
|---|---|
| rollerd | |
| This describes rollerd, which is in the Authoritative Server Tools category within the DNSSEC-Tools Components framework of tools. | |
| Tool Name: | rollerd |
| Tool Type: | Authoritative Server Tools |
| Manual: | Manual |
| CLI: | Help |
| Tutorial: | Tutorial |
About
Rollerd is a daemon that automates re-signing a zone on a regular basis and can automate KSK rollover using safe, recommended practices. It is designed so that authoritative zone administrators do not have to worry about correctly performing the critical timing steps involved in updating a zone's KSKs.
The rollctl command can be used to communicate with a running rollerd daemon.
Example of Log Files
Below is a rollerd log file. This was created with a "phase" log level, which only shows the changes in phase. This log file shows a single KSK rollover and a single ZSK rollover.
```
May 22 14:14:04 2008: rollerd starting ----------------------------------------
May 22 14:14:04 2008: rollerd parameters:
May 22 14:14:04 2008: rollrec file "/Users/tewok/work/dnssec/src/svn.dnssec-tools/dnssec-tools/tools/scripts/tests/test-rollzone/test.rollrec"
May 22 14:14:04 2008: logfile "log.test"
May 22 14:14:04 2008: loglevel "6"
May 22 14:14:04 2008: sleeptime "15"
May 22 14:14:04 2008:
May 22 14:14:04 2008: example.com: KSK phase 1
May 22 14:16:11 2008: example.com: KSK phase 2
May 22 14:16:13 2008: example.com: KSK phase 3
May 22 14:18:15 2008: example.com: KSK phase 4
May 22 14:18:16 2008: example.com: KSK phase 5
May 22 14:18:17 2008: example.com: KSK phase 6
May 22 14:18:24 2008: example.com: KSK phase 7
May 22 14:18:44 2008: example.com: KSK phase 0
May 22 14:18:44 2008: example.com: ZSK phase 1
May 22 14:20:46 2008: example.com: ZSK phase 2
May 22 14:20:47 2008: example.com: ZSK phase 3
May 22 14:22:49 2008: example.com: ZSK phase 4
May 22 14:22:53 2008: example.com: ZSK phase 0
May 22 14:23:33 2008: example.com: ZSK phase 1
May 22 14:25:35 2008: example.com: ZSK phase 2
May 22 14:25:37 2008: example.com: ZSK phase 3
May 22 14:27:39 2008: example.com: ZSK phase 4
May 22 14:32:32 2008: example.com: ZSK phase 0
May 22 14:33:20 2008: rollover manager shutting down...
```
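A phase-level log in this format can be checked mechanically. The following is an added example, not part of DNSSEC-Tools or the original page: it parses such a log and reports phase changes that skip a step, plus rollovers that had not returned to phase 0 by the end of the log. The `example.org` lines and the function names are constructed for illustration, and the final phase numbers (7 for KSK, 4 for ZSK) are taken from the log shown above.

```python
import re
from datetime import datetime

# Constructed sample in the same format as the log above; the example.org
# lines are invented to show a skipped phase.
SAMPLE_LOG = """\
May 22 14:14:04 2008: rollerd starting ----------------------------------------
May 22 14:14:04 2008: example.com: KSK phase 1
May 22 14:16:11 2008: example.com: KSK phase 2
May 22 14:16:13 2008: example.com: KSK phase 3
May 22 14:18:15 2008: example.com: KSK phase 4
May 22 14:18:16 2008: example.com: KSK phase 5
May 22 14:18:17 2008: example.com: KSK phase 6
May 22 14:18:24 2008: example.com: KSK phase 7
May 22 14:18:44 2008: example.com: KSK phase 0
May 22 14:18:44 2008: example.com: ZSK phase 1
May 22 14:20:46 2008: example.org: ZSK phase 1
May 22 14:20:47 2008: example.org: ZSK phase 3
"""

LINE_RE = re.compile(
    r"^(\w{3} +\d+ \d\d:\d\d:\d\d \d{4}): (\S+): (KSK|ZSK) phase (\d)$")
LAST_PHASE = {"KSK": 7, "ZSK": 4}  # assumption: highest phase seen in the log above


def parse_phases(text):
    """Yield (timestamp, zone, keytype, phase) for each phase-change line."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # startup, parameter and shutdown lines are skipped
            ts = datetime.strptime(m.group(1), "%b %d %H:%M:%S %Y")
            yield ts, m.group(2), m.group(3), int(m.group(4))


def audit(text):
    """Return (anomalies, in_progress) for a phase-level rollerd log."""
    state, anomalies = {}, []
    for ts, zone, ktype, phase in parse_phases(text):
        prev = state.get((zone, ktype))
        if prev is not None:
            # Valid steps: next phase, or last phase back to 0 (idle).
            expected = 0 if prev == LAST_PHASE[ktype] else prev + 1
            if phase != expected:
                anomalies.append((ts, zone, ktype, prev, phase))
        state[(zone, ktype)] = phase
    in_progress = sorted((z, k, p) for (z, k), p in state.items() if p != 0)
    return anomalies, in_progress
```

Calling `audit(SAMPLE_LOG)` flags the `example.org` jump from ZSK phase 1 to 3 and lists both ZSK rollovers as unfinished.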
TODO / WishList
- The ability to roll different keys using different parameters (e.g., support rolling multiple keys independently where one key is using RSA-SHA1 and another is using RSA-SHA256).
