[Opendnssec-user] high availability

Klaus Darilion klaus.mailinglists at pernau.at
Thu Jun 26 07:45:11 UTC 2014



On 25.06.2014 15:13, Emil Natan wrote:
> Hello,
> 
> My goal is to replicate the ODS configuration between two nodes, one is
> active with ODS running and one passive where ODS is not running.
> 
> https://wiki.opendnssec.org/display/DOCS/High+availability
> 
> ... states under the "What to copy" section:
> 
> "The state data - the minimum data required are the signconf files
> (default location is the  /var/opendnssec/signconf directory)"
> 
> I see the files under signconf actually contain configuration copied
> from kasp.conf and information about the keys which is stored in the
> database (in my case MySQL). If missing these files, they are
> automatically created when the enforcer starts. My point is I do not see
> a reason to copy these files from one machine to another if they are
> created when the enforcer starts. Can I really omit this step, or am I
> missing something?

How will the enforcer on the backup server know which are the currently
used keys? E.g. how many key rollovers were done meanwhile?

We have the signer running on both servers, but the enforcer only runs
on the main server. And the output files of the enforcer are rsynced to
the backup server. When the backup becomes the master, we start the
enforcer on the backup server and switch the rsync direction.

regards
Klaus
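
Added example, not part of the original message and not OpenDNSSEC's own tooling: a checksum gate for the setup described above, so the backup can confirm that its rsynced signconf copies are complete and current before the enforcer is started there. The manifest name, the one-`<zone>.xml`-per-zone layout and GNU `sha256sum` are assumptions; the directory is the default quoted in the thread.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes GNU sha256sum and that the
# enforcer writes one <zone>.xml per zone into the signconf directory.
SIGNCONF_DIR="${SIGNCONF_DIR:-/var/opendnssec/signconf}"  # default path quoted in the thread
MANIFEST=".signconf.sha256"                               # hypothetical manifest name

# Active node, before each rsync: record a checksum for every signconf file.
write_manifest() {
    ( cd "$1" || exit 2
      : > "$MANIFEST.tmp"
      for f in *.xml; do
          if [ -f "$f" ]; then sha256sum "$f" >> "$MANIFEST.tmp"; fi
      done
      mv "$MANIFEST.tmp" "$MANIFEST" )
}

# Passive node, before starting the enforcer: 0 = copy matches the manifest,
# 1 = stale, missing or unlisted file, 2 = directory or manifest unusable.
verify_manifest() {
    ( cd "$1" || exit 2
      [ -s "$MANIFEST" ] || { echo "no usable manifest in $1" >&2; exit 2; }
      sha256sum -c "$MANIFEST" >/dev/null || exit 1
      for f in *.xml; do
          [ -f "$f" ] || continue
          # A file the active node did not list was left behind by an old sync.
          awk -v f="$f" '$2 == f { ok = 1 } END { exit !ok }' "$MANIFEST" ||
              { echo "unlisted signconf file: $f" >&2; exit 1; }
      done )
}

# Script entry point: "write" on the active node, "verify" on the backup.
case "${1:-}" in
    write)  write_manifest "$SIGNCONF_DIR" ;;
    verify) verify_manifest "$SIGNCONF_DIR" ;;
esac
```

Run `write` on the active node before each rsync and `verify` on the backup before starting the enforcer there; a non-zero exit means the copy should be re-synced first.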


