[Opendnssec-user] Re: Backup/restore information

Fred Zwarts (KVI) F.Zwarts at KVI.nl
Tue Apr 3 14:32:43 UTC 2012

"Fred Zwarts (KVI)"  wrote in message news:jlcggf$hfg$1 at dough.gmane.org...


>So, I think I will make a daily cron job that performs the following steps.
>1) Shut down OpenDNSsec
>2) create a tar file with the softHSM and OpenDNSsec configuration in etc 
>and the OpenDNSsec state in /var/opendsnsec.
>3) dump the database of /var/softhsm/slot0.db to another file
>4) startup OpenDNSsec again.
>The next step is that I will try to use these backup files to restore the 
>OpenDNSsec and softHSM state on another server, just to prove that it is 

Today I tried to restore the OpenDNSsec state on another server, using the 
files saved as described above on the original server.
I compiled and built the software.
I did not run any of the programs, but first I tried to restore the state as 

I removed the /var/softhsm/slot0.db file and recreated it from the 
softhsmdump file with:
    sqlite3 /var/softhsm/slot0.db < softhsmdump
(This softhsmdump file was created with:
    sqlite3 /var/softhsm/slot0.db .dump > softhsmdump
on the original server.)

I deleted the /var/opendnssec directory and restored the contents from a tar 
file created on the original server.
I restored the files in /etc/opendnssec from the same tar file created on 
the original server.

I assumed that now everything was restored to the state in which the backup 
was made.
The commands "ods-ksmutil zone list"
and "ods-ksmutil repository list" worked correctly.
But when I tried to list the keys with:
    ods-ksmutil key list --verbose
the result was:
SQLite database set to: /var/opendnssec/kasp.db
hsm_get_slot_id(): could not find token with the name OpenDNSSEC
Error: failed to list keys

Any suggestion as to what is missing in the backup/restore procedure? 

More information about the Opendnssec-user mailing list