[Opendnssec-user] Questions about SoftHSM and 'ods-ksmutil backup'

Rick van Rein rick at openfortress.nl
Thu Sep 24 14:55:02 UTC 2015

Hi Jake,

The backup commands of the KASP are designed for signalling purposes; keys may be configured to stay unused until a backup of them has been confirmed, so the KASP has a command for signalling that a backup was made.

The SQLite backups are made at the database level, and that is the level at which you should look for tooling support for import / recover the backup.  The default procedure in lieu of any would be to stop KASP, replace the database with the newly copied backup, and bring the KASP backup.

Your use of manual migration of the backups is not the normal way of establishing redundancy; such more advanced use cases are typically built up with MySQL and its replication mechanism (fallable as that may be).


More information about the Opendnssec-user mailing list