[Opendnssec-user] ods-hsmutil

Yuri Schaeffer yuri at nlnetlabs.nl
Thu Jul 26 08:28:21 UTC 2012

Hi Paul,

> Are there any plans to change that to support failover/backup signers
> that would not depend on a constant feed of db files?

In my opinion ODS is not a component that _must_ offer uninterrupted
service so failover does not really make sense to me. If your ODS
instance would crash and burn you would have plenty of time to recover
from it using your backups. Your zones will still be up and signed
during that time.

That being said, how about a feature where you can bootstrap a fresh ODS
install with only an HSM (backup), config files and a signed
zonefile/axfr? Sane states could then be derived for the rollovers. In
this case loss of the db files is not fatal.

Would something like that be helpful for your application?

