[Opendnssec-develop] OpenDNSSEC and Backups
John Dickinson
jad at jadickinson.co.uk
Fri May 1 08:33:20 UTC 2009
On 30 Apr 2009, at 18:07, Stephen.Morris at nominet.org.uk wrote:
> John Dickinson <jadsab at googlemail.com> wrote on 30/04/2009 16:05:40:
>
>> :
>> Backing up the HSM should be done according to the HSM manufacturers
>> specified method. Having the ability to make consistent backups
>> should
>> be a feature of the HSM. In the case of a SCA6000 see http://
>> docs.sun.com/source/820-4144-11/3_admin.html#50552899_pgfId-1009280
>
> This is seeming to argue for OpenDNSSEC making a copy of the data (if
> possible) and backing that up. Otherwise in the worse case backup
> could
> require logging into an HSM and exporting the data, backing up the
> KASP
> database according to the appropriate instructions, and copying the
> configuration files.
Sorry, I don't understand. What if the HSM doesn't store its keys in a
file on disk but has some completely out of band backup system? This
is a process issue that should not be solved by OpenDNSSEC.
John
---
John Dickinson
http://www.jadickinson.co.uk
I am riding from Lands end to John O'Groats to raise money for
Parkinson's Disease Research. Please sponsor me here http://justgiving.com/pedalforparkinsons2009
More information about the Opendnssec-develop
mailing list