<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">Hi Rick,<div><br></div><div>I'm looking forward to the release of the PIN daemon functionality. </div><div><br><div><div>On 8 Aug 2012, at 15:59, Rick van Rein wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><span class="Apple-style-span" style="border-collapse: separate; font-family: Helvetica; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; font-size: medium; ">To me, it makes a lot of sense to control a redundant setup by<br>having only one node logged in at a time. Or does it sound like<br>an unintended hack? How do other users feel about this?</span></blockquote></div></div><div><div><br></div><div>In our case (dot IE ccTLD), we would like to be able to have two nodes access our DB and HA HSMs.</div><div><br></div><div>Every time we need to generate and sign a zone, we generate a zone with a serial of, for example, 2012080801 on nodeA and 2012081501 on nodeB. All other data within the unsigned zones is identical apart from the serial.</div><div><br></div><div>Each of those unsigned zones is then signed and validated etc.</div><div><br></div><div>We use this approach so that we can publish a last-known good zone, with up to one week's grace, should some disaster happen where a bad signed zone was published (for whatever reason). </div><div><br></div><div>Cheers</div><div><br></div><div>Billy </div></div></body></html>