We are considering implementing OpenDNSSEC with SoftHSM for our zones. We have set up a test system with SUSE Linux Enterprise System 11 Service Pack 2 (SLES11SP2). We followed the instructions in the documentation and we have had OpenDNSSEC running now for a few weeks. It looks very promising. Once running, it needs little attention. It is stable, while re-signing records and performing rollovers for ZSK keys at predefined intervals.

Before we implement it on our real primary domain server, we need a backup policy. What we could not find in the documentation is a section about backup/restore procedures. Currently on our primary domain server we back up the zone files and the configuration files of our bind server. If, for some reason, the primary domain server fails and must be set up from scratch, we simply install a new SLES11SP2 system with the same IP address, restore the bind configuration and the zone files, and everything is back to the situation of the last backup. During the downtime of the primary server, the secondary domain servers will make our zone available for other systems. For OpenDNSSEC and SoftHSM we want a similar procedure, but it is not clear to us what we need to save and restore in addition to our current backup. Of course we will back up the configuration files of OpenDNSSEC and SoftHSM. But in addition, we need to save in some way the current key pairs and the state of OpenDNSSEC. Is there documentation about what should be backed up and how it should be done? And how are OpenDNSSEC and SoftHSM restored from such a backup so that it can resume to a known state, without losing the integrity of the zone?

Fred.Zwarts.
_______________________________________________
Opendnssec-user mailing list
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user