Task #2187
open
remove RRs on name server when the DSK which signs those RRs are removed.
0%
Description
For every RR on name server, a DSK is used to sign it. When the DSK is removed, the related RRs should be removed
Updated by Shock Jiang about 10 years ago
- Assignee changed from Shock Jiang to Jiewen Tan
Updated by Shock Jiang over 9 years ago
I propose that this function should be optional whether to remove all related RRs when removing an ID-CERT RR.
In that case that to update a ID-CERT RR to a new version (same public key, new version), admin may remove it first then add a new one.
Thus, those related RR is not supposed to be removed.
Updated by Jiewen Tan over 9 years ago
Shock Jiang wrote:
I propose that this function should be optional whether to remove all related RRs when removing an ID-CERT RR.
In that case that to update a ID-CERT RR to a new version (same public key, new version), admin may remove it first then add a new one.
Thus, those related RR is not supposed to be removed.
I suggest that this change should not be related to the original ndns-remove-rr tool. It is possible to later on craft a specific tool to handle this. Or add another mode into the ndns-remove-rr tool. I actually question whether this functionality is needed at this stage.
Updated by Shock Jiang over 9 years ago
Also suggest to have a tool/option that list all RRs signed by a given cert.
Updated by Jiewen Tan over 9 years ago
- Assignee changed from Jiewen Tan to Shock Jiang