[Opendnssec-user] Syncing keys to backup server
Einar B. Halldórsson
einar at isnic.is
Fri Aug 28 08:40:35 UTC 2020
Hi,
We are finally planning a migration from 1.4 to 2.1 and at the same time looking
at having a proper backup signer setup. We're using SoftHSM, my question is
whether we have to pre-generate keys, copy them to the backup and trust that
ODS rollovers are in close enough sync? Is it feasible to instead constantly
sync keys from master to slave, with the backup set to manual rollover, so if and
when the master goes offline we can switch the backup "on" and have it be the new
signer with automatic rollovers?
All ideas and information welcome.
.einar
More information about the Opendnssec-user
mailing list