[Opendnssec-user] high availability

Emil Natan shlyoko at gmail.com
Wed Jun 25 14:56:54 UTC 2014

Hi Sion,

Thank you very much for your response. I actually never thought about
scenario when the signer is running and the enforcer is down, but your
point is perfectly valid and the idea can be useful in certain
circumstances. Thanks.


On Wed, Jun 25, 2014 at 5:42 PM, Siôn Lloyd <sion at nominet.org.uk> wrote:

>  On 25/06/14 14:13, Emil Natan wrote:
> Hello,
>  My goal is to replicate the ODS configuration between two nodes, one is
> active with ODS running and one passive where ODS is not running.
>  https://wiki.opendnssec.org/display/DOCS/High+availability
>  ... states under the "What to copy" section:
>  "The state data - the minimum data required are the signconf files
> (default location is the  /var/opendnssec/signconf directory)"
>  I see the files under signconf actually contain configuration copied
> from kasp.conf and information about the keys which is stored in the
> database (in my case MySQL). If missing these files, they are automatically
> created when the enforcer starts. My point is I do not see a reason to copy
> these files from one machine to another if they are created when the
> enforcer starts. Can I really omit this step or I'm missing something?
> Thanks.
>  Emil
> Hi Emil,
> I think that the meaning here is that so long as you have those files you
> can run a signer instance and so keep signatures from expiring.
> Your assertion about them being created by the enforcer is correct.
> However, when you start your backup enforcer you need to be sure that the
> keyset is the same and so these files can be useful for that too.
> Sion
> _______________________________________________
> Opendnssec-user mailing list
> Opendnssec-user at lists.opendnssec.org
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20140625/caf585e2/attachment.htm>

More information about the Opendnssec-user mailing list