I'm in the process of migrating a modest number of zones from one signer
(OpenDNSSEC) to another (Knot-DNS). (The KSKs are identical so that should not
be an issue for this question.)

Each of the signers has a catalog (manually maintained for ODS, automatically
for Knot) which is transferred and consumed by BIND 9.18 secondaries; each of
these has two catalog{} stanzas on each server.

The trouble I'm going to be running into is when a zone should move from catz-A
to catz-B: in this case the zone must be removed from catz-A (whereupon it'll
be deleted when the catalog is notified/transferred) and added to catz-B
(whereupon it will be populated when the catalog is notified/transferred).
During this (possibly quite short) time, the zone will not be available on the
secondaries (REFUSED).

Is there a clever/elegant solution to this problem?

My first idea was to use the same zones-directory for each of the catalogs, but
a) I don't know whether that's actually a supported configuration and b) it
would likely not solve the issue because the catalog name is embedded in the
__catz__...*.db zone filename.

Adding the zone to both catalogs won't work either (obviously) because the zone would
"exist twice"; BIND catches that error and correctly logs it.

Any ideas? Bonus points if the solution can be automated. :)

Thank you,
-JP