[Opendnssec-user] Enforcerd and signerd decoupling
Erik P. Ostlyngen
erik.ostlyngen at uninett.no
Wed Mar 12 10:53:41 UTC 2014
On 03/10/2014 02:59 PM, Matthijs Mekking wrote:
> Just some ideas of how we can fix it in the future. For a short
> term work around, I assume monitoring is your friend.
This brings up the question of how to handle the various emergency
situations.
In the scenario described by Antti (let's say the problems with the
zone provisioning system are recognized, but cannot be repaired within
the scheduled key publishing time interval), would the following be a
safe way to handle the situation?
1. Stop the enforcer
2. Fix the zone provisioning problems and publish the zone, which
   includes the new key
3. Wait for the new zone to propagate all the way to the caching
   resolvers
4. Re-start the enforcer and let it complete the rollover
Are there other recommended ways to freeze or postpone an ongoing key
rollover?
And are there good reasons for not using very long PublishSafety and
RetireSafety intervals, let's say weeks? It would make a controlled
emergency key rollover terribly slow, but in that case it should be
possible to change the policy before initiating the rollover.
Erik Østlyngen
UNINETT Norid
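Step 3 of the procedure above (waiting until the new key is visible at the caching resolvers) is the one that is easy to get wrong by guessing. The following is an added example, not code from the original post or from OpenDNSSEC: it queries each resolver for the zone's DNSKEY RRset with dig +multiline (which annotates each record with "key id = N") and lists the resolvers where the new key tag is still missing, so the enforcer is only restarted once the list is empty. Zone name, key tag and resolver addresses are placeholders to be replaced.

```shell
#!/bin/sh
# Added example (not part of the original thread): verify that a DNSKEY with a
# given key tag is visible at every caching resolver before restarting the
# enforcer. Requires dig from BIND.

# key_ids_in: read "dig +multiline DNSKEY" output on stdin and print the
# key tag annotation ("key id = N") of every DNSKEY record, one per line.
key_ids_in() {
    sed -n 's/.*key id = \([0-9][0-9]*\).*/\1/p'
}

# has_key_id TAG: read dig output on stdin; exit 0 if TAG is one of the
# key tags present, 1 otherwise.
has_key_id() {
    key_ids_in | grep -qx "$1"
}

# resolvers_missing_key ZONE TAG RESOLVER...: query each resolver for the
# zone's DNSKEY RRset and print the address of every resolver that does not
# yet return a key with tag TAG. Empty output means the key has propagated.
resolvers_missing_key() {
    zone=$1; tag=$2; shift 2
    for r in "$@"; do
        dig +multiline +noall +answer "$zone" DNSKEY "@$r" | has_key_id "$tag" \
            || echo "$r"
    done
}

# Placeholder values: replace with the real zone, the tag of the newly
# published key (as shown by ods-ksmutil key list --verbose) and the caching
# resolvers that matter to you.
if [ "${1:-}" = "--run" ]; then
    missing=$(resolvers_missing_key example.com 12345 192.0.2.53 198.51.100.53)
    if [ -n "$missing" ]; then
        echo "key not yet visible at: $missing"
        exit 1
    fi
    echo "new key visible at all resolvers; safe to restart the enforcer"
fi
```

Run it with --run from cron or by hand; only when it exits 0 should the enforcer be started again so that the rollover continues from the published state.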