[Opendnssec-user] Reinstalling opendnssec on new server

Ondřej Surý ondrej at sury.org
Wed Jan 25 10:46:36 UTC 2012


On Wed, Jan 25, 2012 at 11:10, Casper Gielen <c.gielen at uvt.nl> wrote:
> Op 24-01-12 22:34, Bas van den Dikkenberg schreef:
>> Can some one telme what is the correct procedure to reinstall opendnssec
>> on a new server with losing keys, and have to do key rol overs?
>
> I've never done so, but I think that just copying everything over should
> do the trick.

Well, if you have softhsm you need to export/import if you the new architecture
has different number of bits. See the recent discussion on the list...

> If you have a (hardware) HSM you'll obviously need to move
> that as well.
>
> - move the HSM

For softhsm also copy:
/etc/softhsm
/var/lib/softhsm
(adjust paths according to your setup)

> - move the data (/var/lib/opendnssec/) (could also be MySQL).
> - move the configuration (/etc/opendnssec/)

Just tested that myself and with exception of the integer-width
glitch, it worked like a charm.

O.
-- 
Ondřej Surý <ondrej at sury.org>



More information about the Opendnssec-user mailing list