[Opendnssec-user] Backup/restore information

Fred Zwarts (KVI) F.Zwarts at KVI.nl
Mon Apr 2 10:01:18 UTC 2012

We are considering to implement OpenDNSsec with softHSM voor our zones. We 
have set up a test system with Suse Linux Enterprise System 11 Service Pack 
2 (SLES11SP2). We followed the instructions in the documentation and we have 
OpenDNSsec running now for a few weeks. It looks very promising. Once 
running, it needs little attention. It is stable, while resigning records 
and performing rollovers for ZSK keys at predefined intervals.

Before we implement it on our real primary domain server, we need a backup 
What we could not find in the documentation is a section about 
backup/restore procedures. Currently on our primary domain server we backup 
the zone files and the configuration files of our bind server. If, for some 
reason, the primary domain server fails and must be set up from scratch, we 
simple install a new SLES11SP2 system with the same IP address, restore the 
bind configuration and the zone files and everything is back to the 
situation of the last backup. In the down time of the primary server, the 
secondary domain servers will make our zone available for other systems.
For OpenDNSsec and SoftHSM we want a similar procedure, but it is not clear 
to us what we need to save and restore in addition to our current backup. Of 
course we will backup the configuration files of OpenDNSsec and SoftHSM. But 
in addition, we need to save in some way the current key pairs and the state 
of OpenDNSsec.
Is there documentation about what should be backed up and how it should be 
done? And how OpenDNSsec and SoftHSM are restored from such a backup so that 
it can resume to a known state, without losing the integrity of the zone?


More information about the Opendnssec-user mailing list