[Opendnssec-user] Syncing keys to backup server

Einar B. Halldórsson einar at isnic.is
Fri Aug 28 08:40:35 UTC 2020


We are finally planning a migration from 1.4 to 2.1 and at the same time looking
at having a proper backup signer setup. We're using SoftHSM, my question is
whether we have to pre-generate keys, copy them to the backup and trust that
ODS rollovers are in close enough sync? Is it feasible to instead constantly
sync keys from master to slave, with the backup set to manual rollover, so if and
when the master goes offline we can switch the backup "on" and have it be the new
signer with automatic rollovers?

All ideas and information welcome.


More information about the Opendnssec-user mailing list