Rollerd

From DNSSEC-Tools
DNSSEC-Tools Component
rollerd
This describes rollerd, which is in the Authoritative Server Tools category within the DNSSEC-Tools Components framework of tools.
Tool Name: rollerd
Tool Type: Authoritative Server Tools
Manual: Manual
Example: Example
CLI: Help
Tutorial: Tutorial
How To: How To
Download: rollerd

About

rollerd is a daemon that automates re-signing a zone on a regular basis and can automate KSK rollover using the safe and recommended practices. rollerd is designed so that authoritative zone administrators do not have to worry about correctly performing the critical timing steps involved in updating a zone's KSKs.

The rollctl command can be used to communicate with a running rollerd daemon.

Example of a rollerd Log File

Below is a rollerd log file. This was created with a "phase" log level, which only shows the changes in phase. This log file shows a single KSK rollover and a single ZSK rollover.

May 22 14:14:04 2008: rollerd starting ----------------------------------------
May 22 14:14:04 2008: rollerd parameters:
May 22 14:14:04 2008:           rollrec file    "/Users/tewok/work/dnssec/src/svn.dnssec-tools/dnssec-tools/tools/scripts/tests/test-rollzone/test.rollrec"
May 22 14:14:04 2008:           logfile         "log.test"
May 22 14:14:04 2008:           loglevel        "6"
May 22 14:14:04 2008:           sleeptime       "15"
May 22 14:14:04 2008:
May 22 14:14:04 2008: example.com: KSK phase 1
May 22 14:16:11 2008: example.com: KSK phase 2
May 22 14:16:13 2008: example.com: KSK phase 3
May 22 14:18:15 2008: example.com: KSK phase 4
May 22 14:18:16 2008: example.com: KSK phase 5
May 22 14:18:17 2008: example.com: KSK phase 6
May 22 14:18:24 2008: example.com: KSK phase 7
May 22 14:18:44 2008: example.com: KSK phase 0
May 22 14:18:44 2008: example.com: ZSK phase 1
May 22 14:20:46 2008: example.com: ZSK phase 2
May 22 14:20:47 2008: example.com: ZSK phase 3
May 22 14:22:49 2008: example.com: ZSK phase 4
May 22 14:22:53 2008: example.com: ZSK phase 0
May 22 14:23:33 2008: example.com: ZSK phase 1
May 22 14:25:35 2008: example.com: ZSK phase 2
May 22 14:25:37 2008: example.com: ZSK phase 3
May 22 14:27:39 2008: example.com: ZSK phase 4
May 22 14:32:32 2008: example.com: ZSK phase 0
May 22 14:33:20 2008: rollover manager shutting down...
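
A phase-level log in this format can be checked automatically for keys that are left partway through a rollover. The following is an added example, not part of DNSSEC-Tools: it parses phase lines as shown above and reports completed rollovers, non-sequential phase changes and keys that have stayed in a non-zero phase too long. The `analyze` function, the zone test.example, the sample lines and the 30-minute threshold are constructed for illustration, and treating phase 0 as the end of a rollover is an assumption inferred from the log above.

```python
import re
from datetime import datetime, timedelta

# "May 22 14:14:04 2008: example.com: KSK phase 1" -> timestamp, zone, key type, phase
TS_RE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d \d{4}):")
PHASE_RE = re.compile(r" (\S+): (KSK|ZSK) phase (\d+)$")

def analyze(lines, stall_after=timedelta(minutes=30)):
    """Return completed rollovers, non-sequential phase changes and stalled keys."""
    history, newest = {}, None
    for line in lines:
        line = line.strip()
        ts = TS_RE.match(line)
        if not ts:
            continue                          # wrapped or unrelated line
        # The log is assumed chronological, so the last timestamp is the newest.
        newest = datetime.strptime(ts.group(1), "%b %d %H:%M:%S %Y")
        m = PHASE_RE.match(line, ts.end())
        if m:
            key = (m.group(1), m.group(2))    # (zone, key type)
            history.setdefault(key, []).append((newest, int(m.group(3))))
    report = {"completed": [], "out_of_order": [], "stalled": []}
    for (zone, ktype), events in history.items():
        start, prev = None, None
        for ts, phase in events:
            if phase == 0:                    # assumption: phase 0 ends a rollover
                if start is not None:
                    report["completed"].append((zone, ktype, ts - start))
                start = None
            elif phase == 1 and start is None:
                start = ts
            elif prev is not None and phase != prev + 1:
                report["out_of_order"].append((zone, ktype, prev, phase))
            prev = phase
        ts, phase = events[-1]
        if phase != 0 and newest - ts > stall_after:
            report["stalled"].append((zone, ktype, phase, newest - ts))
    return report

# Constructed sample in the format shown above (not real rollerd output).
SAMPLE = """\
May 22 14:14:04 2008: rollerd starting ----------------------------------------
May 22 14:18:44 2008: example.com: ZSK phase 1
May 22 14:20:46 2008: example.com: ZSK phase 2
May 22 14:20:47 2008: example.com: ZSK phase 3
May 22 14:22:49 2008: example.com: ZSK phase 4
May 22 14:22:53 2008: example.com: ZSK phase 0
May 22 14:23:00 2008: test.example: KSK phase 1
May 22 14:25:00 2008: test.example: KSK phase 3
May 22 15:10:00 2008: example.com: ZSK phase 1
"""
```

For live monitoring, compare the last phase change against the current time rather than the newest log timestamp, and set the threshold from the zone's own rollover timing.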

TODO / WishList

  • The ability to roll different keys using different parameters (e.g., support rolling multiple keys independently where one key is using RSA-SHA1 and another is using RSA-SHA256).