paul at nohats.ca
Thu Jul 26 21:35:32 UTC 2012
On Thu, 26 Jul 2012, Yuri Schaeffer wrote:
> In my opinion ODS is not a component that _must_ offer uninterrupted
> service so failover does not really make sense to me. If your ODS
> instance would crash and burn you would have plenty of time to recover
> from it using your backups. Your zones will be still up and signed
> during that time.
If a large TLD gets a new registration, it needs to go out in minutes.
So a signer always needs to be ready to sign right now. Therefore, TLDs
or other large/dynamic zones will always need to have the option to
switch from one hardware setup to another (identical) one.
There is no time to go jump in a car and drive to a data centre.
> That being said, how about a feature where you can bootstrap a fresh ODS
> install with only a HSM (backup), config files and a signed
> zonefile/axfr? Sane states could then be derived for the rollovers. In
> this case loss of the db files is not fatal.
> Would something like that be helpful for your application?
I'm not sure what this will yield. What I'm looking for is that if I
pre-generate 3 years of keys into different HSMs, and then back up
the kasp.db, that I can bootstrap multiple signers that would perform
rollovers within the same hour independently - solely based on having
identical keys on the HSM and an identical kasp.db.