[Opendnssec-user] high availability

Siôn Lloyd sion at nominet.org.uk
Wed Jun 25 14:42:30 UTC 2014

On 25/06/14 14:13, Emil Natan wrote:
> Hello,
> My goal is to replicate the ODS configuration between two nodes, one
> is active with ODS running and one passive where ODS is not running.
> https://wiki.opendnssec.org/display/DOCS/High+availability
> ... states under the "What to copy" section:
> "The state data - the minimum data required are the signconf files
> (default location is the  /var/opendnssec/signconf directory)"
> I see the files under signconf actually contain configuration copied
> from kasp.conf and information about the keys which is stored in the
> database (in my case MySQL). If missing these files, they are
> automatically created when the enforcer starts. My point is I do not
> see a reason to copy these files from one machine to another if they
> are created when the enforcer starts. Can I really omit this step or
> I'm missing something?
> Thanks.
> Emil

Hi Emil,

I think that the meaning here is that so long as you have those files
you can run a signer instance and so keep signatures from expiring.

Your assertion about them being created by the enforcer is correct.
However, when you start your backup enforcer you need to be sure that
the keyset is the same and so these files can be useful for that too.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20140625/43e70d5b/attachment.htm>

More information about the Opendnssec-user mailing list