[Opendnssec-user] About High Availablity for OpenDNSSEC

gaolei gaolei at knet.cn
Sun Aug 24 12:59:20 UTC 2014

Hi all,

From KNET , I notice there is a topic about opendnssec High Availablity at https://wiki.opendnssec.org/display/DOCS/High+availability 

But I was a little puzzled by this page.

It mentioned about master/slave like this:
Careful consideration should be given to which, if any, process are run on a slave (or on each master in a Master-Master) configuration. Some operators don't run either the enforcer or the signer on a slave instance but merely duplicate the data between the two instances in a timely fashion. Others run two master servers, both enforcing and signing but only publishing from an 'active' master.

I'm wondering what will happen to the rollover of keys if we make a master-master deployment.
1.Mysql used to store keys data , and
2.HSM machine employed to generate keys , and
3.Two opendnssec instances running on seperate servers for the same zone
Will the two opendnssec instances generate different keys for the same zone? If so , it seems as if it will bring troubles when the 'active' master is down ?

Can anyone give more suggestions on the High Availablity of opendnssec ?

Best Regards!

2014-08-24 18:05:37
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20140824/7ff51152/attachment.htm>

More information about the Opendnssec-user mailing list