[Opendnssec-develop] OpenDNSSEC and Backups

John Dickinson jad at jadickinson.co.uk
Fri May 1 08:33:20 UTC 2009

On 30 Apr 2009, at 18:07, Stephen.Morris at nominet.org.uk wrote:

> John Dickinson <jadsab at googlemail.com> wrote on 30/04/2009 16:05:40:
>> :
>> Backing up the HSM should be done according to the HSM manufacturers
>> specified method. Having the ability to make consistent backups  
>> should
>> be a feature of the HSM. In the case of a SCA6000 see http://
>> docs.sun.com/source/820-4144-11/3_admin.html#50552899_pgfId-1009280
> This is seeming to argue for OpenDNSSEC making a copy of the data (if
> possible) and backing that up.  Otherwise in the worse case backup  
> could
> require logging into an HSM and exporting the data, backing up the  
> database according to the appropriate instructions, and copying the
> configuration files.

Sorry, I don't understand. What if the HSM doesn't store its keys in a  
file on disk but has some completely out of band backup system? This  
is a process issue that should not be solved by OpenDNSSEC.


John Dickinson

I am riding from Lands end to John O'Groats to raise money for  
Parkinson's Disease Research. Please sponsor me here http://justgiving.com/pedalforparkinsons2009

More information about the Opendnssec-develop mailing list