[Opendnssec-user] Questions about SoftHSM and 'ods-ksmutil backup'

Jake Zack jake.zack at cira.ca
Thu Sep 24 14:45:50 UTC 2015

I'm trying to sync the kaspdb between two servers, which I expect to do periodically to counter drift between two signing boxes.

On the primary, I'm using ods-ksmutil backup to prepare and create /var/opendnssec/kasp.db.backup:

-rw-r--r-- 1 ods ods 39936 Sep 24 10:36 /var/opendnssec/kasp.db.backup

I'm scp'ing that file over to the secondary server.

Can I make ods-enforcerd use this kaspdb without a restart of ods-enforcerd?

I tried to make the secondary server do an "ods-ksmutil backup rollback" to make it read the .backup config into running config...but I get "There were no keys to rollback".

I'd've expected there to be a "restore" option or whatnot...what am I missing? What's the preferred method for syncing two signers?


-Jacob Zack
Sr. DNS Administrator - CIRA (.CA TLD)

