[Opendnssec-develop] Key (HSM) backup

Jakob Schlyter jakob at kirei.se
Fri Aug 14 11:34:30 UTC 2009

On 14 aug 2009, at 10.59, John Dickinson wrote:

> The process will be completely different for every HSM. Usually (I  
> expect) it will be totally out of band and a script will be able to  
> do nothing.

I agree completely.

> IMHO a syslog message that can be parsed by a monitoring system like  
> nagios is all we should do. If we want OpenDNSSEC to be more  "pro- 
> active" then send a SNMP trap. (If we want to future proof it then  
> NETCONF it :) ).
> We could also write a net-snmp agent extension or nagios plugin to  
> do the monitoring if so desired.
> We should not develop a whole notification system with emails/pages  
> being sent out. That is a problem already solved by snmp/netconf/ 
> nagios etc.



More information about the Opendnssec-develop mailing list